Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2014-8111 (GCVE-0-2014-8111)
Vulnerability from cvelistv5 – Published: 2015-04-21 17:00 – Updated: 2024-08-06 13:10
VLAI?
EPSS
Summary
Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
Date Public ?
2015-04-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:10:50.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2015:1641",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1641.html"
},
{
"name": "RHSA-2015:0849",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0849.html"
},
{
"name": "DSA-3278",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3278"
},
{
"name": "RHSA-2015:0848",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0848.html"
},
{
"name": "RHSA-2015:0846",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0846.html"
},
{
"name": "RHSA-2015:1642",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1642.html"
},
{
"name": "RHSA-2015:0847",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0847.html"
},
{
"name": "74265",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74265"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-13T16:10:17.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2015:1641",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1641.html"
},
{
"name": "RHSA-2015:0849",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0849.html"
},
{
"name": "DSA-3278",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3278"
},
{
"name": "RHSA-2015:0848",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0848.html"
},
{
"name": "RHSA-2015:0846",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0846.html"
},
{
"name": "RHSA-2015:1642",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1642.html"
},
{
"name": "RHSA-2015:0847",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0847.html"
},
{
"name": "74265",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74265"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1641",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1641.html"
},
{
"name": "RHSA-2015:0849",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0849.html"
},
{
"name": "DSA-3278",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3278"
},
{
"name": "RHSA-2015:0848",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0848.html"
},
{
"name": "RHSA-2015:0846",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0846.html"
},
{
"name": "RHSA-2015:1642",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1642.html"
},
{
"name": "RHSA-2015:0847",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0847.html"
},
{
"name": "74265",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74265"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3Cdev.tomcat.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-8111",
"datePublished": "2015-04-21T17:00:00.000Z",
"dateReserved": "2014-10-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:10:50.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2014-8111",
"date": "2026-05-19",
"epss": "0.03739",
"percentile": "0.88141"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat_connectors:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.2.40\", \"matchCriteriaId\": \"4A9136A4-5A30-43DD-A9F6-27D486F431AD\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Apache Tomcat Connectors (mod_jk) anterior a 1.2.41 ignora las reglas JkUnmount para los sun\\u00e1rboles de anteriores reglas JkMount, lo que permite a atacantes remotos acceder a artefactos de otra forma restringidos a trav\\u00e9s de vectores no especificados.\"}]",
"id": "CVE-2014-8111",
"lastModified": "2024-11-21T02:18:34.823",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2015-04-21T17:59:01.510",
"references": "[{\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-0846.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-0847.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-0848.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-0849.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-1641.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-1642.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.debian.org/security/2015/dsa-3278\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/74265\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-0846.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-0847.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-0848.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-0849.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-1641.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-1642.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2015/dsa-3278\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/74265\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2014-8111\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2015-04-21T17:59:01.510\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Apache Tomcat Connectors (mod_jk) anterior a 1.2.41 ignora las reglas JkUnmount para los sun\u00e1rboles de anteriores reglas JkMount, lo que permite a atacantes remotos acceder a artefactos de otra forma restringidos a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat_connectors:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.2.40\",\"matchCriteriaId\":\"4A9136A4-5A30-43DD-A9F6-27D486F431AD\"}]}]}],\"references\":[{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0846.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0847.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0848.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0849.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1641.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1642.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3278\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/74265\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0846.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0847.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0848.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0849.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1641.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1642.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3278\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/74265\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTFR-2015-AVI-441
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Oracle Solaris. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Solaris version 10",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Solaris version 11.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-5600",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5600"
},
{
"name": "CVE-2014-0230",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0230"
},
{
"name": "CVE-2014-7810",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7810"
},
{
"name": "CVE-2014-8111",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8111"
}
],
"links": [],
"reference": "CERTFR-2015-AVI-441",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-10-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle Solaris\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Solaris",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle du 20 octobre 2015",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
]
}
CERTFR-2015-AVI-441
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Oracle Solaris. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Solaris version 10",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Solaris version 11.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-5600",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5600"
},
{
"name": "CVE-2014-0230",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0230"
},
{
"name": "CVE-2014-7810",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7810"
},
{
"name": "CVE-2014-8111",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8111"
}
],
"links": [],
"reference": "CERTFR-2015-AVI-441",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-10-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle Solaris\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Solaris",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle du 20 octobre 2015",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
]
}
CNVD-2015-02709
Vulnerability from cnvd - Published: 2015-04-24
VLAI Severity ?
Title
Apache Tomcat Connectors信息泄露漏洞
Description
Apache Tomcat是一款由Apache Foundation维护的免费开放源代码的Java Servlet和JSP服务程序。
Apache Tomcat Connectors 1.2.41之前的版本存在信息泄露漏洞。允许远程攻击者通过未指定向量泄露受限制的数据。
Severity
中
Patch Name
Apache Tomcat Connectors信息泄露漏洞的补丁
Patch Description
Apache Tomcat是一款由Apache Foundation维护的免费开放源代码的Java Servlet和JSP服务程序。
Apache Tomcat Connectors 1.2.41之前的版本存在信息泄露漏洞。允许远程攻击者通过未指定向量泄露受限制的数据。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞: http://rhn.redhat.com/errata/RHSA-2015-0848.html
Reference
http://rhn.redhat.com/errata/RHSA-2015-0848.html
Impacted products
| Name | Apache Tomcat Connectors < 1.2.41 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2014-8111"
}
},
"description": "Apache Tomcat\u662f\u4e00\u6b3e\u7531Apache Foundation\u7ef4\u62a4\u7684\u514d\u8d39\u5f00\u653e\u6e90\u4ee3\u7801\u7684Java Servlet\u548cJSP\u670d\u52a1\u7a0b\u5e8f\u3002\r\n\r\nApache Tomcat Connectors 1.2.41\u4e4b\u524d\u7684\u7248\u672c\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u672a\u6307\u5b9a\u5411\u91cf\u6cc4\u9732\u53d7\u9650\u5236\u7684\u6570\u636e\u3002",
"discovererName": "Ondrej Kotek of Red Hat",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://rhn.redhat.com/errata/RHSA-2015-0848.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2015-02709",
"openTime": "2015-04-24",
"patchDescription": "Apache Tomcat\u662f\u4e00\u6b3e\u7531Apache Foundation\u7ef4\u62a4\u7684\u514d\u8d39\u5f00\u653e\u6e90\u4ee3\u7801\u7684Java Servlet\u548cJSP\u670d\u52a1\u7a0b\u5e8f\u3002\r\n\r\nApache Tomcat Connectors 1.2.41\u4e4b\u524d\u7684\u7248\u672c\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u672a\u6307\u5b9a\u5411\u91cf\u6cc4\u9732\u53d7\u9650\u5236\u7684\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apache Tomcat Connectors\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Apache Tomcat Connectors \u003c 1.2.41"
},
"referenceLink": "http://rhn.redhat.com/errata/RHSA-2015-0848.html",
"serverity": "\u4e2d",
"submitTime": "2015-04-23",
"title": "Apache Tomcat Connectors\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}
FKIE_CVE-2014-8111
Vulnerability from fkie_nvd - Published: 2015-04-21 17:59 - Updated: 2026-05-06 22:30
Severity ?
Summary
Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | tomcat_connectors | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat_connectors:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A9136A4-5A30-43DD-A9F6-27D486F431AD",
"versionEndIncluding": "1.2.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors."
},
{
"lang": "es",
"value": "Apache Tomcat Connectors (mod_jk) anterior a 1.2.41 ignora las reglas JkUnmount para los sun\u00e1rboles de anteriores reglas JkMount, lo que permite a atacantes remotos acceder a artefactos de otra forma restringidos a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-8111",
"lastModified": "2026-05-06T22:30:45.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-04-21T17:59:01.510",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0846.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0847.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0848.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0849.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1641.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1642.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2015/dsa-3278"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/74265"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0846.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0847.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0848.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0849.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1641.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1642.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3278"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/74265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-F49P-9MWV-783F
Vulnerability from github – Published: 2022-05-14 01:10 – Updated: 2025-04-12 12:47
VLAI?
Details
Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.
{
"affected": [],
"aliases": [
"CVE-2014-8111"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-04-21T17:59:00Z",
"severity": "MODERATE"
},
"details": "Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.",
"id": "GHSA-f49p-9mwv-783f",
"modified": "2025-04-12T12:47:27Z",
"published": "2022-05-14T01:10:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8111"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0846.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0847.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0848.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0849.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1641.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1642.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2015/dsa-3278"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/74265"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2014-8111
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2014-8111",
"description": "Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.",
"id": "GSD-2014-8111",
"references": [
"https://www.suse.com/security/cve/CVE-2014-8111.html",
"https://www.debian.org/security/2015/dsa-3278",
"https://access.redhat.com/errata/RHEA-2015:1771",
"https://access.redhat.com/errata/RHEA-2015:1770",
"https://access.redhat.com/errata/RHSA-2015:1642",
"https://access.redhat.com/errata/RHSA-2015:1641",
"https://access.redhat.com/errata/RHSA-2015:0849",
"https://access.redhat.com/errata/RHSA-2015:0848",
"https://access.redhat.com/errata/RHSA-2015:0847",
"https://access.redhat.com/errata/RHSA-2015:0846",
"https://advisories.mageia.org/CVE-2014-8111.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2014-8111"
],
"details": "Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.",
"id": "GSD-2014-8111",
"modified": "2023-12-13T01:22:49.764707Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1641",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1641.html"
},
{
"name": "RHSA-2015:0849",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0849.html"
},
{
"name": "DSA-3278",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3278"
},
{
"name": "RHSA-2015:0848",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0848.html"
},
{
"name": "RHSA-2015:0846",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0846.html"
},
{
"name": "RHSA-2015:1642",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1642.html"
},
{
"name": "RHSA-2015:0847",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0847.html"
},
{
"name": "74265",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74265"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3Cdev.tomcat.apache.org%3E"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat_connectors:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.40",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8111"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:0848",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0848.html"
},
{
"name": "RHSA-2015:0846",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0846.html"
},
{
"name": "RHSA-2015:0847",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0847.html"
},
{
"name": "RHSA-2015:0849",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0849.html"
},
{
"name": "RHSA-2015:1642",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1642.html"
},
{
"name": "RHSA-2015:1641",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1641.html"
},
{
"name": "74265",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/74265"
},
{
"name": "DSA-3278",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2015/dsa-3278"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [30/34] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3Cdev.tomcat.apache.org%3E"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2019-04-15T16:30Z",
"publishedDate": "2015-04-21T17:59Z"
}
}
}
OPENSUSE-SU-2024:10488-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
apache2-mod_jk-1.2.41-1.5 on GA media
Severity
Moderate
Notes
Title of the patch: apache2-mod_jk-1.2.41-1.5 on GA media
Description of the patch: These are all security issues fixed in the apache2-mod_jk-1.2.41-1.5 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10488
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:apache2-mod_jk-1.2.41-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-mod_jk-1.2.41-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-mod_jk-1.2.41-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-mod_jk-1.2.41-1.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:apache2-mod_jk-1.2.41-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-mod_jk-1.2.41-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-mod_jk-1.2.41-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache2-mod_jk-1.2.41-1.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "apache2-mod_jk-1.2.41-1.5 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the apache2-mod_jk-1.2.41-1.5 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10488",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10488-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-5519 page",
"url": "https://www.suse.com/security/cve/CVE-2008-5519/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-8111 page",
"url": "https://www.suse.com/security/cve/CVE-2014-8111/"
}
],
"title": "apache2-mod_jk-1.2.41-1.5 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10488-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_jk-1.2.41-1.5.aarch64",
"product": {
"name": "apache2-mod_jk-1.2.41-1.5.aarch64",
"product_id": "apache2-mod_jk-1.2.41-1.5.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_jk-1.2.41-1.5.ppc64le",
"product": {
"name": "apache2-mod_jk-1.2.41-1.5.ppc64le",
"product_id": "apache2-mod_jk-1.2.41-1.5.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_jk-1.2.41-1.5.s390x",
"product": {
"name": "apache2-mod_jk-1.2.41-1.5.s390x",
"product_id": "apache2-mod_jk-1.2.41-1.5.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_jk-1.2.41-1.5.x86_64",
"product": {
"name": "apache2-mod_jk-1.2.41-1.5.x86_64",
"product_id": "apache2-mod_jk-1.2.41-1.5.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.41-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache2-mod_jk-1.2.41-1.5.aarch64"
},
"product_reference": "apache2-mod_jk-1.2.41-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.41-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache2-mod_jk-1.2.41-1.5.ppc64le"
},
"product_reference": "apache2-mod_jk-1.2.41-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.41-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache2-mod_jk-1.2.41-1.5.s390x"
},
"product_reference": "apache2-mod_jk-1.2.41-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_jk-1.2.41-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache2-mod_jk-1.2.41-1.5.x86_64"
},
"product_reference": "apache2-mod_jk-1.2.41-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-5519",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-5519"
}
],
"notes": [
{
"category": "general",
"text": "The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol\u0027s requirements for requests containing Content-Length headers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-mod_jk-1.2.41-1.5.aarch64",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.41-1.5.ppc64le",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.41-1.5.s390x",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.41-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-5519",
"url": "https://www.suse.com/security/cve/CVE-2008-5519"
},
{
"category": "external",
"summary": "SUSE Bug 493575 for CVE-2008-5519",
"url": "https://bugzilla.suse.com/493575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-mod_jk-1.2.41-1.5.aarch64",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.41-1.5.ppc64le",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.41-1.5.s390x",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.41-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2008-5519"
},
{
"cve": "CVE-2014-8111",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-8111"
}
],
"notes": [
{
"category": "general",
"text": "Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache2-mod_jk-1.2.41-1.5.aarch64",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.41-1.5.ppc64le",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.41-1.5.s390x",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.41-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-8111",
"url": "https://www.suse.com/security/cve/CVE-2014-8111"
},
{
"category": "external",
"summary": "SUSE Bug 927845 for CVE-2014-8111",
"url": "https://bugzilla.suse.com/927845"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache2-mod_jk-1.2.41-1.5.aarch64",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.41-1.5.ppc64le",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.41-1.5.s390x",
"openSUSE Tumbleweed:apache2-mod_jk-1.2.41-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-8111"
}
]
}
RHEA-2015:1770
Vulnerability from csaf_redhat - Published: 2015-09-10 16:55 - Updated: 2026-05-14 18:19Summary
Red Hat Enhancement Advisory: Red Hat JBoss Web Server 3.0.1 enhancement update
Severity
Moderate
Notes
Topic: Updated Red Hat JBoss Web Server 3.0.1 packages are now available for Red Hat Enterprise Linux 7.
Details: Red Hat JBoss Web Server is a fully integrated and certified set of
components for hosting Java web applications. It is comprised of the Apache
HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector
(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat
Native library.
* This enhancement update adds the Red Hat JBoss Web Server 3.0.1 packages to Red Hat Enterprise Linux 7. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server. (JIRA#JWS-111)
Users of Red Hat JBoss Web Server are advised to upgrade to these updated packages, which add this enhancement.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and preventing further, legitimate connections to the Tomcat server to be made.
5.0 ()
Affected products
Fixed
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
It was discovered that a JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them.
5.0 ()
Affected products
Fixed
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A NULL pointer dereference flaw was found in OpenSSL's X.509 certificate handling implementation. A specially crafted X.509 certificate could cause an application using OpenSSL to crash if the application attempted to convert the certificate to a certificate request.
2.6 ()
Affected products
Fixed
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
References
21 references
Acknowledgments
OpenSSL project
Brian Carpenter
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Red Hat JBoss Web Server 3.0.1 packages are now available for Red Hat Enterprise Linux 7.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\n* This enhancement update adds the Red Hat JBoss Web Server 3.0.1 packages to Red Hat Enterprise Linux 7. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server. (JIRA#JWS-111)\n\nUsers of Red Hat JBoss Web Server are advised to upgrade to these updated packages, which add this enhancement.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHEA-2015:1770",
"url": "https://access.redhat.com/errata/RHEA-2015:1770"
},
{
"category": "external",
"summary": "1219752",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219752"
},
{
"category": "external",
"summary": "JWS-111",
"url": "https://issues.redhat.com/browse/JWS-111"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhea-2015_1770.json"
}
],
"title": "Red Hat Enhancement Advisory: Red Hat JBoss Web Server 3.0.1 enhancement update",
"tracking": {
"current_release_date": "2026-05-14T18:19:43+00:00",
"generator": {
"date": "2026-05-14T18:19:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHEA-2015:1770",
"initial_release_date": "2015-09-10T16:55:48+00:00",
"revision_history": [
{
"date": "2015-09-10T16:55:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-09-10T16:55:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T18:19:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 3.0 for RHEL 7",
"product": {
"name": "Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.0::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src",
"product": {
"name": "mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src",
"product_id": "mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster@1.3.1-8.Final_redhat_3.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "mod_bmx-0:0.9.5-5.GA.ep7.el7.src",
"product": {
"name": "mod_bmx-0:0.9.5-5.GA.ep7.el7.src",
"product_id": "mod_bmx-0:0.9.5-5.GA.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_bmx@0.9.5-5.GA.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src",
"product": {
"name": "mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src",
"product_id": "mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk@1.2.40-8.redhat_1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat8-0:8.0.18-25_patch_00.ep7.el7.src",
"product": {
"name": "tomcat8-0:8.0.18-25_patch_00.ep7.el7.src",
"product_id": "tomcat8-0:8.0.18-25_patch_00.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8@8.0.18-25_patch_00.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src",
"product": {
"name": "mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src",
"product_id": "mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_security-jws3@2.8.0-6.GA.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.59-26_patch_00.ep7.el7.src",
"product": {
"name": "tomcat7-0:7.0.59-26_patch_00.ep7.el7.src",
"product_id": "tomcat7-0:7.0.59-26_patch_00.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.59-26_patch_00.ep7.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"product": {
"name": "mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"product_id": "mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-tomcat8@1.3.1-8.Final_redhat_3.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"product": {
"name": "mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"product_id": "mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-tomcat7@1.3.1-8.Final_redhat_3.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"product": {
"name": "mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"product_id": "mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster@1.3.1-8.Final_redhat_3.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_id": "tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-admin-webapps@8.0.18-25_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_id": "tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-log4j@8.0.18-25_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_id": "tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-el-2.2-api@8.0.18-25_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_id": "tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-jsp-2.3-api@8.0.18-25_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_id": "tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-lib@8.0.18-25_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_id": "tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-docs-webapp@8.0.18-25_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_id": "tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-javadoc@8.0.18-25_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_id": "tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-webapps@8.0.18-25_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_id": "tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-servlet-3.1-api@8.0.18-25_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_id": "tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8@8.0.18-25_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_id": "tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-docs-webapp@7.0.59-26_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_id": "tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-lib@7.0.59-26_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_id": "tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-log4j@7.0.59-26_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_id": "tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-webapps@7.0.59-26_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_id": "tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-javadoc@7.0.59-26_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_id": "tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.59-26_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_id": "tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-admin-webapps@7.0.59-26_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_id": "tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-servlet-3.0-api@7.0.59-26_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_id": "tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-el-2.2-api@7.0.59-26_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_id": "tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-jsp-2.2-api@7.0.59-26_patch_00.ep7.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64",
"product": {
"name": "mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64",
"product_id": "mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_bmx-debuginfo@0.9.5-5.GA.ep7.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64",
"product": {
"name": "mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64",
"product_id": "mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_bmx@0.9.5-5.GA.ep7.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"product": {
"name": "mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"product_id": "mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-manual@1.2.40-8.redhat_1.ep7.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"product": {
"name": "mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"product_id": "mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-debuginfo@1.2.40-8.redhat_1.ep7.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"product": {
"name": "mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"product_id": "mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-ap24@1.2.40-8.redhat_1.ep7.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64",
"product": {
"name": "mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64",
"product_id": "mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_security-jws3@2.8.0-6.GA.ep7.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64",
"product": {
"name": "mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64",
"product_id": "mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_security-jws3-debuginfo@2.8.0-6.GA.ep7.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_bmx-0:0.9.5-5.GA.ep7.el7.src as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.src"
},
"product_reference": "mod_bmx-0:0.9.5-5.GA.ep7.el7.src",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64 as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64"
},
"product_reference": "mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64 as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64"
},
"product_reference": "mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch"
},
"product_reference": "mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src"
},
"product_reference": "mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch"
},
"product_reference": "mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch"
},
"product_reference": "mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src"
},
"product_reference": "mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64 as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64"
},
"product_reference": "mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64 as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64"
},
"product_reference": "mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64 as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64"
},
"product_reference": "mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src"
},
"product_reference": "mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64 as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64"
},
"product_reference": "mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64 as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64"
},
"product_reference": "mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.59-26_patch_00.ep7.el7.src as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.src"
},
"product_reference": "tomcat7-0:7.0.59-26_patch_00.ep7.el7.src",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-0:8.0.18-25_patch_00.ep7.el7.src as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.src"
},
"product_reference": "tomcat8-0:8.0.18-25_patch_00.ep7.el7.src",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-0230",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2015-02-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1191200"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and preventing further, legitimate connections to the Tomcat server to be made.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: non-persistent DoS attack by feeding data by aborting an upload",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src",
"7Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src",
"7Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0230"
},
{
"category": "external",
"summary": "RHBZ#1191200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191200"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0230",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0230"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0230",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0230"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44",
"url": "http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.55",
"url": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.55"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.9",
"url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.9"
}
],
"release_date": "2014-07-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-09-10T16:55:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src",
"7Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src",
"7Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2015:1770"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src",
"7Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src",
"7Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: non-persistent DoS attack by feeding data by aborting an upload"
},
{
"cve": "CVE-2014-8111",
"discovery_date": "2015-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1182591"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that a JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_jk: information leak due to incorrect JkMount/JkUnmount directives processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates of Red Hat Enterprise Application Platform 4 and 5, and Red Hat JBoss Web Server 1. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/.\n\nThis issue did not affect Red Hat JBoss Web Server 3.x. This issue does affect Red Hat JBoss Web Server 2.x; a future update may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src",
"7Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src",
"7Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-8111"
},
{
"category": "external",
"summary": "RHBZ#1182591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1182591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-8111",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8111"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-8111",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8111"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-09-10T16:55:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src",
"7Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src",
"7Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2015:1770"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src",
"7Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src",
"7Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mod_jk: information leak due to incorrect JkMount/JkUnmount directives processing"
},
{
"acknowledgments": [
{
"names": [
"OpenSSL project"
]
},
{
"names": [
"Brian Carpenter"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2015-0288",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2015-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1202418"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference flaw was found in OpenSSL\u0027s X.509 certificate handling implementation. A specially crafted X.509 certificate could cause an application using OpenSSL to crash if the application attempted to convert the certificate to a certificate request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: X509_to_X509_REQ NULL pointer dereference",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src",
"7Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src",
"7Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-0288"
},
{
"category": "external",
"summary": "RHBZ#1202418",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202418"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-0288",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0288"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/1384453",
"url": "https://access.redhat.com/articles/1384453"
},
{
"category": "external",
"summary": "https://openssl.org/news/secadv_20150319.txt",
"url": "https://openssl.org/news/secadv_20150319.txt"
}
],
"release_date": "2015-03-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-09-10T16:55:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src",
"7Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src",
"7Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2015:1770"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src",
"7Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src",
"7Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: X509_to_X509_REQ NULL pointer dereference"
}
]
}
RHEA-2015:1771
Vulnerability from csaf_redhat - Published: 2015-09-10 16:54 - Updated: 2026-05-14 18:19Summary
Red Hat Enhancement Advisory: Red Hat JBoss Web Server 3.0.1 enhancement update
Severity
Moderate
Notes
Topic: Updated Red Hat JBoss Web Server 3.0.1 packages are now available for Red Hat Enterprise Linux 6.
Details: Red Hat JBoss Web Server is a fully integrated and certified set of
components for hosting Java web applications. It is comprised of the Apache
HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector
(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat
Native library.
* This enhancement update adds the Red Hat JBoss Web Server 3.0.1 packages to Red Hat Enterprise Linux 6. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server. (JIRA#JWS-110)
Users of Red Hat JBoss Web Server are advised to upgrade to these updated packages, which add this enhancement.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and preventing further, legitimate connections to the Tomcat server to be made.
5.0 ()
Affected products
Fixed
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
It was discovered that a JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them.
5.0 ()
Affected products
Fixed
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A NULL pointer dereference flaw was found in OpenSSL's X.509 certificate handling implementation. A specially crafted X.509 certificate could cause an application using OpenSSL to crash if the application attempted to convert the certificate to a certificate request.
2.6 ()
Affected products
Fixed
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
References
21 references
Acknowledgments
OpenSSL project
Brian Carpenter
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Red Hat JBoss Web Server 3.0.1 packages are now available for Red Hat Enterprise Linux 6.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\n* This enhancement update adds the Red Hat JBoss Web Server 3.0.1 packages to Red Hat Enterprise Linux 6. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server. (JIRA#JWS-110)\n\nUsers of Red Hat JBoss Web Server are advised to upgrade to these updated packages, which add this enhancement.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHEA-2015:1771",
"url": "https://access.redhat.com/errata/RHEA-2015:1771"
},
{
"category": "external",
"summary": "1219753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219753"
},
{
"category": "external",
"summary": "JWS-110",
"url": "https://issues.redhat.com/browse/JWS-110"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhea-2015_1771.json"
}
],
"title": "Red Hat Enhancement Advisory: Red Hat JBoss Web Server 3.0.1 enhancement update",
"tracking": {
"current_release_date": "2026-05-14T18:19:40+00:00",
"generator": {
"date": "2026-05-14T18:19:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHEA-2015:1771",
"initial_release_date": "2015-09-10T16:54:46+00:00",
"revision_history": [
{
"date": "2015-09-10T16:54:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-09-10T16:54:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T18:19:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 3.0 for RHEL 6",
"product": {
"name": "Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.0::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"product": {
"name": "mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"product_id": "mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-tomcat7@1.3.1-8.Final_redhat_3.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"product": {
"name": "mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"product_id": "mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-tomcat8@1.3.1-8.Final_redhat_3.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"product": {
"name": "mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"product_id": "mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster@1.3.1-8.Final_redhat_3.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el6.noarch",
"product": {
"name": "tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el6.noarch",
"product_id": "tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-docs-webapp@8.0.18-25_patch_00.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"product": {
"name": "tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"product_id": "tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-servlet-3.1-api@8.0.18-25_patch_00.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch",
"product": {
"name": "tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch",
"product_id": "tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-admin-webapps@8.0.18-25_patch_00.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"product": {
"name": "tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"product_id": "tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-el-2.2-api@8.0.18-25_patch_00.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el6.noarch",
"product": {
"name": "tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el6.noarch",
"product_id": "tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-javadoc@8.0.18-25_patch_00.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-lib-0:8.0.18-25_patch_00.ep7.el6.noarch",
"product": {
"name": "tomcat8-lib-0:8.0.18-25_patch_00.ep7.el6.noarch",
"product_id": "tomcat8-lib-0:8.0.18-25_patch_00.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-lib@8.0.18-25_patch_00.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch",
"product": {
"name": "tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch",
"product_id": "tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-webapps@8.0.18-25_patch_00.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el6.noarch",
"product": {
"name": "tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el6.noarch",
"product_id": "tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-log4j@8.0.18-25_patch_00.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-0:8.0.18-25_patch_00.ep7.el6.noarch",
"product": {
"name": "tomcat8-0:8.0.18-25_patch_00.ep7.el6.noarch",
"product_id": "tomcat8-0:8.0.18-25_patch_00.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8@8.0.18-25_patch_00.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"product": {
"name": "tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"product_id": "tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-jsp-2.3-api@8.0.18-25_patch_00.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-lib-0:7.0.59-26_patch_00.ep7.el6.noarch",
"product": {
"name": "tomcat7-lib-0:7.0.59-26_patch_00.ep7.el6.noarch",
"product_id": "tomcat7-lib-0:7.0.59-26_patch_00.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-lib@7.0.59-26_patch_00.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.59-26_patch_00.ep7.el6.noarch",
"product": {
"name": "tomcat7-0:7.0.59-26_patch_00.ep7.el6.noarch",
"product_id": "tomcat7-0:7.0.59-26_patch_00.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.59-26_patch_00.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch",
"product": {
"name": "tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch",
"product_id": "tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-webapps@7.0.59-26_patch_00.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"product": {
"name": "tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"product_id": "tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-servlet-3.0-api@7.0.59-26_patch_00.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"product": {
"name": "tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"product_id": "tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-el-2.2-api@7.0.59-26_patch_00.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch",
"product": {
"name": "tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch",
"product_id": "tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-admin-webapps@7.0.59-26_patch_00.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el6.noarch",
"product": {
"name": "tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el6.noarch",
"product_id": "tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-javadoc@7.0.59-26_patch_00.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"product": {
"name": "tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"product_id": "tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-jsp-2.2-api@7.0.59-26_patch_00.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el6.noarch",
"product": {
"name": "tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el6.noarch",
"product_id": "tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-log4j@7.0.59-26_patch_00.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el6.noarch",
"product": {
"name": "tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el6.noarch",
"product_id": "tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-docs-webapp@7.0.59-26_patch_00.ep7.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.src",
"product": {
"name": "mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.src",
"product_id": "mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster@1.3.1-8.Final_redhat_3.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "mod_bmx-0:0.9.5-5.GA.ep7.el6.src",
"product": {
"name": "mod_bmx-0:0.9.5-5.GA.ep7.el6.src",
"product_id": "mod_bmx-0:0.9.5-5.GA.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_bmx@0.9.5-5.GA.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "mod_jk-0:1.2.40-8.redhat_1.ep7.el6.src",
"product": {
"name": "mod_jk-0:1.2.40-8.redhat_1.ep7.el6.src",
"product_id": "mod_jk-0:1.2.40-8.redhat_1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk@1.2.40-8.redhat_1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat8-0:8.0.18-25_patch_00.ep7.el6.src",
"product": {
"name": "tomcat8-0:8.0.18-25_patch_00.ep7.el6.src",
"product_id": "tomcat8-0:8.0.18-25_patch_00.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8@8.0.18-25_patch_00.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "mod_security-jws3-0:2.8.0-6.GA.ep7.el6.src",
"product": {
"name": "mod_security-jws3-0:2.8.0-6.GA.ep7.el6.src",
"product_id": "mod_security-jws3-0:2.8.0-6.GA.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_security-jws3@2.8.0-6.GA.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.59-26_patch_00.ep7.el6.src",
"product": {
"name": "tomcat7-0:7.0.59-26_patch_00.ep7.el6.src",
"product_id": "tomcat7-0:7.0.59-26_patch_00.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.59-26_patch_00.ep7.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_bmx-0:0.9.5-5.GA.ep7.el6.i686",
"product": {
"name": "mod_bmx-0:0.9.5-5.GA.ep7.el6.i686",
"product_id": "mod_bmx-0:0.9.5-5.GA.ep7.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_bmx@0.9.5-5.GA.ep7.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.i686",
"product": {
"name": "mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.i686",
"product_id": "mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_bmx-debuginfo@0.9.5-5.GA.ep7.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.i686",
"product": {
"name": "mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.i686",
"product_id": "mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-debuginfo@1.2.40-8.redhat_1.ep7.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.i686",
"product": {
"name": "mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.i686",
"product_id": "mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-ap24@1.2.40-8.redhat_1.ep7.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.i686",
"product": {
"name": "mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.i686",
"product_id": "mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-manual@1.2.40-8.redhat_1.ep7.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.i686",
"product": {
"name": "mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.i686",
"product_id": "mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_security-jws3-debuginfo@2.8.0-6.GA.ep7.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "mod_security-jws3-0:2.8.0-6.GA.ep7.el6.i686",
"product": {
"name": "mod_security-jws3-0:2.8.0-6.GA.ep7.el6.i686",
"product_id": "mod_security-jws3-0:2.8.0-6.GA.ep7.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_security-jws3@2.8.0-6.GA.ep7.el6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.x86_64",
"product": {
"name": "mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.x86_64",
"product_id": "mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_bmx-debuginfo@0.9.5-5.GA.ep7.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_bmx-0:0.9.5-5.GA.ep7.el6.x86_64",
"product": {
"name": "mod_bmx-0:0.9.5-5.GA.ep7.el6.x86_64",
"product_id": "mod_bmx-0:0.9.5-5.GA.ep7.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_bmx@0.9.5-5.GA.ep7.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"product": {
"name": "mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"product_id": "mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-debuginfo@1.2.40-8.redhat_1.ep7.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"product": {
"name": "mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"product_id": "mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-ap24@1.2.40-8.redhat_1.ep7.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"product": {
"name": "mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"product_id": "mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-manual@1.2.40-8.redhat_1.ep7.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.x86_64",
"product": {
"name": "mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.x86_64",
"product_id": "mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_security-jws3-debuginfo@2.8.0-6.GA.ep7.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_security-jws3-0:2.8.0-6.GA.ep7.el6.x86_64",
"product": {
"name": "mod_security-jws3-0:2.8.0-6.GA.ep7.el6.x86_64",
"product_id": "mod_security-jws3-0:2.8.0-6.GA.ep7.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_security-jws3@2.8.0-6.GA.ep7.el6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_bmx-0:0.9.5-5.GA.ep7.el6.i686 as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.i686"
},
"product_reference": "mod_bmx-0:0.9.5-5.GA.ep7.el6.i686",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_bmx-0:0.9.5-5.GA.ep7.el6.src as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.src"
},
"product_reference": "mod_bmx-0:0.9.5-5.GA.ep7.el6.src",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_bmx-0:0.9.5-5.GA.ep7.el6.x86_64 as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.x86_64"
},
"product_reference": "mod_bmx-0:0.9.5-5.GA.ep7.el6.x86_64",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.i686 as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.i686"
},
"product_reference": "mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.i686",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.x86_64 as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.x86_64"
},
"product_reference": "mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.x86_64",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch"
},
"product_reference": "mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.src as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.src"
},
"product_reference": "mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch"
},
"product_reference": "mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch"
},
"product_reference": "mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-0:1.2.40-8.redhat_1.ep7.el6.src as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el6.src"
},
"product_reference": "mod_jk-0:1.2.40-8.redhat_1.ep7.el6.src",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.i686 as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.i686"
},
"product_reference": "mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.i686",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.x86_64 as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.x86_64"
},
"product_reference": "mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.i686 as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.i686"
},
"product_reference": "mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.i686",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.x86_64 as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.x86_64"
},
"product_reference": "mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.i686 as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.i686"
},
"product_reference": "mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.i686",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.x86_64 as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.x86_64"
},
"product_reference": "mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_security-jws3-0:2.8.0-6.GA.ep7.el6.i686 as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.i686"
},
"product_reference": "mod_security-jws3-0:2.8.0-6.GA.ep7.el6.i686",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_security-jws3-0:2.8.0-6.GA.ep7.el6.src as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.src"
},
"product_reference": "mod_security-jws3-0:2.8.0-6.GA.ep7.el6.src",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_security-jws3-0:2.8.0-6.GA.ep7.el6.x86_64 as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.x86_64"
},
"product_reference": "mod_security-jws3-0:2.8.0-6.GA.ep7.el6.x86_64",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.i686 as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.i686"
},
"product_reference": "mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.i686",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.x86_64 as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.x86_64"
},
"product_reference": "mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.x86_64",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.59-26_patch_00.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el6.noarch"
},
"product_reference": "tomcat7-0:7.0.59-26_patch_00.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.59-26_patch_00.ep7.el6.src as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el6.src"
},
"product_reference": "tomcat7-0:7.0.59-26_patch_00.ep7.el6.src",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch"
},
"product_reference": "tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el6.noarch"
},
"product_reference": "tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch"
},
"product_reference": "tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el6.noarch"
},
"product_reference": "tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch"
},
"product_reference": "tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-lib-0:7.0.59-26_patch_00.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el6.noarch"
},
"product_reference": "tomcat7-lib-0:7.0.59-26_patch_00.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el6.noarch"
},
"product_reference": "tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el6.noarch"
},
"product_reference": "tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch"
},
"product_reference": "tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-0:8.0.18-25_patch_00.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el6.noarch"
},
"product_reference": "tomcat8-0:8.0.18-25_patch_00.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-0:8.0.18-25_patch_00.ep7.el6.src as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el6.src"
},
"product_reference": "tomcat8-0:8.0.18-25_patch_00.ep7.el6.src",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch"
},
"product_reference": "tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el6.noarch"
},
"product_reference": "tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el6.noarch"
},
"product_reference": "tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el6.noarch"
},
"product_reference": "tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el6.noarch"
},
"product_reference": "tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-lib-0:8.0.18-25_patch_00.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el6.noarch"
},
"product_reference": "tomcat8-lib-0:8.0.18-25_patch_00.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el6.noarch"
},
"product_reference": "tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el6.noarch"
},
"product_reference": "tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 6",
"product_id": "6Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch"
},
"product_reference": "tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-0230",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2015-02-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1191200"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and preventing further, legitimate connections to the Tomcat server to be made.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: non-persistent DoS attack by feeding data by aborting an upload",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.src",
"6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.src",
"6Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el6.src",
"6Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.i686",
"6Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.i686",
"6Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.i686",
"6Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.src",
"6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el6.src",
"6Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el6.src",
"6Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0230"
},
{
"category": "external",
"summary": "RHBZ#1191200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191200"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0230",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0230"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0230",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0230"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44",
"url": "http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.55",
"url": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.55"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.9",
"url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.9"
}
],
"release_date": "2014-07-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-09-10T16:54:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.src",
"6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.src",
"6Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el6.src",
"6Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.i686",
"6Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.i686",
"6Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.i686",
"6Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.src",
"6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el6.src",
"6Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el6.src",
"6Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2015:1771"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.src",
"6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.src",
"6Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el6.src",
"6Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.i686",
"6Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.i686",
"6Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.i686",
"6Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.src",
"6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el6.src",
"6Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el6.src",
"6Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: non-persistent DoS attack by feeding data by aborting an upload"
},
{
"cve": "CVE-2014-8111",
"discovery_date": "2015-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1182591"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that a JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_jk: information leak due to incorrect JkMount/JkUnmount directives processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates of Red Hat Enterprise Application Platform 4 and 5, and Red Hat JBoss Web Server 1. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/.\n\nThis issue did not affect Red Hat JBoss Web Server 3.x. This issue does affect Red Hat JBoss Web Server 2.x; a future update may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.src",
"6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.src",
"6Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el6.src",
"6Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.i686",
"6Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.i686",
"6Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.i686",
"6Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.src",
"6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el6.src",
"6Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el6.src",
"6Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-8111"
},
{
"category": "external",
"summary": "RHBZ#1182591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1182591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-8111",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8111"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-8111",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8111"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-09-10T16:54:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.src",
"6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.src",
"6Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el6.src",
"6Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.i686",
"6Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.i686",
"6Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.i686",
"6Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.src",
"6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el6.src",
"6Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el6.src",
"6Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2015:1771"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.src",
"6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.src",
"6Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el6.src",
"6Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.i686",
"6Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.i686",
"6Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.i686",
"6Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.src",
"6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el6.src",
"6Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el6.src",
"6Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mod_jk: information leak due to incorrect JkMount/JkUnmount directives processing"
},
{
"acknowledgments": [
{
"names": [
"OpenSSL project"
]
},
{
"names": [
"Brian Carpenter"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2015-0288",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2015-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1202418"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference flaw was found in OpenSSL\u0027s X.509 certificate handling implementation. A specially crafted X.509 certificate could cause an application using OpenSSL to crash if the application attempted to convert the certificate to a certificate request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: X509_to_X509_REQ NULL pointer dereference",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.src",
"6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.src",
"6Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el6.src",
"6Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.i686",
"6Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.i686",
"6Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.i686",
"6Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.src",
"6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el6.src",
"6Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el6.src",
"6Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-0288"
},
{
"category": "external",
"summary": "RHBZ#1202418",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202418"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-0288",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0288"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/1384453",
"url": "https://access.redhat.com/articles/1384453"
},
{
"category": "external",
"summary": "https://openssl.org/news/secadv_20150319.txt",
"url": "https://openssl.org/news/secadv_20150319.txt"
}
],
"release_date": "2015-03-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-09-10T16:54:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.src",
"6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.src",
"6Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el6.src",
"6Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.i686",
"6Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.i686",
"6Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.i686",
"6Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.src",
"6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el6.src",
"6Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el6.src",
"6Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2015:1771"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.src",
"6Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el6.src",
"6Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el6.noarch",
"6Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el6.src",
"6Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.i686",
"6Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.i686",
"6Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.i686",
"6Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.src",
"6Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.i686",
"6Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el6.x86_64",
"6Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el6.src",
"6Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el6.src",
"6Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el6.noarch",
"6Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: X509_to_X509_REQ NULL pointer dereference"
}
]
}
RHEA-2015_1770
Vulnerability from csaf_redhat - Published: 2015-09-10 16:55 - Updated: 2024-11-25 12:04Summary
Red Hat Enhancement Advisory: Red Hat JBoss Web Server 3.0.1 enhancement update
Severity
Moderate
Notes
Topic: Updated Red Hat JBoss Web Server 3.0.1 packages are now available for Red Hat Enterprise Linux 7.
Details: Red Hat JBoss Web Server is a fully integrated and certified set of
components for hosting Java web applications. It is comprised of the Apache
HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector
(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat
Native library.
* This enhancement update adds the Red Hat JBoss Web Server 3.0.1 packages to Red Hat Enterprise Linux 7. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server. (JIRA#JWS-111)
Users of Red Hat JBoss Web Server are advised to upgrade to these updated packages, which add this enhancement.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and preventing further, legitimate connections to the Tomcat server to be made.
5.0 ()
Affected products
Fixed
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
It was discovered that a JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them.
5.0 ()
Affected products
Fixed
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A NULL pointer dereference flaw was found in OpenSSL's X.509 certificate handling implementation. A specially crafted X.509 certificate could cause an application using OpenSSL to crash if the application attempted to convert the certificate to a certificate request.
2.6 ()
Affected products
Fixed
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
References
21 references
Acknowledgments
OpenSSL project
Brian Carpenter
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Red Hat JBoss Web Server 3.0.1 packages are now available for Red Hat Enterprise Linux 7.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\n* This enhancement update adds the Red Hat JBoss Web Server 3.0.1 packages to Red Hat Enterprise Linux 7. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server. (JIRA#JWS-111)\n\nUsers of Red Hat JBoss Web Server are advised to upgrade to these updated packages, which add this enhancement.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHEA-2015:1770",
"url": "https://access.redhat.com/errata/RHEA-2015:1770"
},
{
"category": "external",
"summary": "1219752",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219752"
},
{
"category": "external",
"summary": "JWS-111",
"url": "https://issues.redhat.com/browse/JWS-111"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhea-2015_1770.json"
}
],
"title": "Red Hat Enhancement Advisory: Red Hat JBoss Web Server 3.0.1 enhancement update",
"tracking": {
"current_release_date": "2024-11-25T12:04:42+00:00",
"generator": {
"date": "2024-11-25T12:04:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHEA-2015:1770",
"initial_release_date": "2015-09-10T16:55:48+00:00",
"revision_history": [
{
"date": "2015-09-10T16:55:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-09-10T16:55:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-25T12:04:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 3.0 for RHEL 7",
"product": {
"name": "Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.0::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src",
"product": {
"name": "mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src",
"product_id": "mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster@1.3.1-8.Final_redhat_3.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "mod_bmx-0:0.9.5-5.GA.ep7.el7.src",
"product": {
"name": "mod_bmx-0:0.9.5-5.GA.ep7.el7.src",
"product_id": "mod_bmx-0:0.9.5-5.GA.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_bmx@0.9.5-5.GA.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src",
"product": {
"name": "mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src",
"product_id": "mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk@1.2.40-8.redhat_1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat8-0:8.0.18-25_patch_00.ep7.el7.src",
"product": {
"name": "tomcat8-0:8.0.18-25_patch_00.ep7.el7.src",
"product_id": "tomcat8-0:8.0.18-25_patch_00.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8@8.0.18-25_patch_00.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src",
"product": {
"name": "mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src",
"product_id": "mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_security-jws3@2.8.0-6.GA.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.59-26_patch_00.ep7.el7.src",
"product": {
"name": "tomcat7-0:7.0.59-26_patch_00.ep7.el7.src",
"product_id": "tomcat7-0:7.0.59-26_patch_00.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.59-26_patch_00.ep7.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"product": {
"name": "mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"product_id": "mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-tomcat8@1.3.1-8.Final_redhat_3.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"product": {
"name": "mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"product_id": "mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-tomcat7@1.3.1-8.Final_redhat_3.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"product": {
"name": "mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"product_id": "mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster@1.3.1-8.Final_redhat_3.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_id": "tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-admin-webapps@8.0.18-25_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_id": "tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-log4j@8.0.18-25_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_id": "tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-el-2.2-api@8.0.18-25_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_id": "tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-jsp-2.3-api@8.0.18-25_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_id": "tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-lib@8.0.18-25_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_id": "tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-docs-webapp@8.0.18-25_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_id": "tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-javadoc@8.0.18-25_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_id": "tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-webapps@8.0.18-25_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_id": "tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-servlet-3.1-api@8.0.18-25_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_id": "tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8@8.0.18-25_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_id": "tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-docs-webapp@7.0.59-26_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_id": "tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-lib@7.0.59-26_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_id": "tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-log4j@7.0.59-26_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_id": "tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-webapps@7.0.59-26_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_id": "tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-javadoc@7.0.59-26_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_id": "tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.59-26_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_id": "tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-admin-webapps@7.0.59-26_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_id": "tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-servlet-3.0-api@7.0.59-26_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_id": "tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-el-2.2-api@7.0.59-26_patch_00.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product": {
"name": "tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_id": "tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-jsp-2.2-api@7.0.59-26_patch_00.ep7.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64",
"product": {
"name": "mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64",
"product_id": "mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_bmx-debuginfo@0.9.5-5.GA.ep7.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64",
"product": {
"name": "mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64",
"product_id": "mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_bmx@0.9.5-5.GA.ep7.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"product": {
"name": "mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"product_id": "mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-manual@1.2.40-8.redhat_1.ep7.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"product": {
"name": "mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"product_id": "mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-debuginfo@1.2.40-8.redhat_1.ep7.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"product": {
"name": "mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"product_id": "mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_jk-ap24@1.2.40-8.redhat_1.ep7.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64",
"product": {
"name": "mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64",
"product_id": "mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_security-jws3@2.8.0-6.GA.ep7.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64",
"product": {
"name": "mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64",
"product_id": "mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_security-jws3-debuginfo@2.8.0-6.GA.ep7.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_bmx-0:0.9.5-5.GA.ep7.el7.src as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.src"
},
"product_reference": "mod_bmx-0:0.9.5-5.GA.ep7.el7.src",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64 as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64"
},
"product_reference": "mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64 as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64"
},
"product_reference": "mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch"
},
"product_reference": "mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src"
},
"product_reference": "mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch"
},
"product_reference": "mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch"
},
"product_reference": "mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src"
},
"product_reference": "mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64 as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64"
},
"product_reference": "mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64 as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64"
},
"product_reference": "mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64 as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64"
},
"product_reference": "mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src"
},
"product_reference": "mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64 as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64"
},
"product_reference": "mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64 as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64"
},
"product_reference": "mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.59-26_patch_00.ep7.el7.src as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.src"
},
"product_reference": "tomcat7-0:7.0.59-26_patch_00.ep7.el7.src",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-0:8.0.18-25_patch_00.ep7.el7.src as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.src"
},
"product_reference": "tomcat8-0:8.0.18-25_patch_00.ep7.el7.src",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.0 for RHEL 7",
"product_id": "7Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch"
},
"product_reference": "tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-0230",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2015-02-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1191200"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and preventing further, legitimate connections to the Tomcat server to be made.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: non-persistent DoS attack by feeding data by aborting an upload",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src",
"7Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src",
"7Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0230"
},
{
"category": "external",
"summary": "RHBZ#1191200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191200"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0230",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0230"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0230",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0230"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44",
"url": "http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.55",
"url": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.55"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.9",
"url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.9"
}
],
"release_date": "2014-07-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-09-10T16:55:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src",
"7Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src",
"7Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2015:1770"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src",
"7Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src",
"7Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: non-persistent DoS attack by feeding data by aborting an upload"
},
{
"cve": "CVE-2014-8111",
"discovery_date": "2015-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1182591"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that a JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_jk: information leak due to incorrect JkMount/JkUnmount directives processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates of Red Hat Enterprise Application Platform 4 and 5, and Red Hat JBoss Web Server 1. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/.\n\nThis issue did not affect Red Hat JBoss Web Server 3.x. This issue does affect Red Hat JBoss Web Server 2.x; a future update may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src",
"7Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src",
"7Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-8111"
},
{
"category": "external",
"summary": "RHBZ#1182591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1182591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-8111",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8111"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-8111",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8111"
}
],
"release_date": "2015-04-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-09-10T16:55:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src",
"7Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src",
"7Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2015:1770"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src",
"7Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src",
"7Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mod_jk: information leak due to incorrect JkMount/JkUnmount directives processing"
},
{
"acknowledgments": [
{
"names": [
"OpenSSL project"
]
},
{
"names": [
"Brian Carpenter"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2015-0288",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2015-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1202418"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference flaw was found in OpenSSL\u0027s X.509 certificate handling implementation. A specially crafted X.509 certificate could cause an application using OpenSSL to crash if the application attempted to convert the certificate to a certificate request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: X509_to_X509_REQ NULL pointer dereference",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src",
"7Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src",
"7Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-0288"
},
{
"category": "external",
"summary": "RHBZ#1202418",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202418"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-0288",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0288"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/1384453",
"url": "https://access.redhat.com/articles/1384453"
},
{
"category": "external",
"summary": "https://openssl.org/news/secadv_20150319.txt",
"url": "https://openssl.org/news/secadv_20150319.txt"
}
],
"release_date": "2015-03-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-09-10T16:55:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src",
"7Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src",
"7Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2015:1770"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_bmx-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_bmx-debuginfo-0:0.9.5-5.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-0:1.3.1-8.Final_redhat_3.1.ep7.el7.src",
"7Server-JWS-3.0:mod_cluster-tomcat7-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_cluster-tomcat8-0:1.3.1-8.Final_redhat_3.1.ep7.el7.noarch",
"7Server-JWS-3.0:mod_jk-0:1.2.40-8.redhat_1.ep7.el7.src",
"7Server-JWS-3.0:mod_jk-ap24-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-debuginfo-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_jk-manual-0:1.2.40-8.redhat_1.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.src",
"7Server-JWS-3.0:mod_security-jws3-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:mod_security-jws3-debuginfo-0:2.8.0-6.GA.ep7.el7.x86_64",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-0:7.0.59-26_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat7-admin-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-docs-webapp-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-el-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-javadoc-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-jsp-2.2-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-lib-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-log4j-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-servlet-3.0-api-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat7-webapps-0:7.0.59-26_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-0:8.0.18-25_patch_00.ep7.el7.src",
"7Server-JWS-3.0:tomcat8-admin-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-docs-webapp-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-el-2.2-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-javadoc-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-jsp-2.3-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-lib-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-log4j-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-servlet-3.1-api-0:8.0.18-25_patch_00.ep7.el7.noarch",
"7Server-JWS-3.0:tomcat8-webapps-0:8.0.18-25_patch_00.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: X509_to_X509_REQ NULL pointer dereference"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…