Action not permitted
Modal body text goes here.
cve-2016-3092
Vulnerability from cvelistv5
Published
2016-07-04 22:00
Modified
2024-08-05 23:40
Severity
Summary
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:40:15.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2016-000121",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190212-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743480"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "GLSA-201705-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201705-09"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743738"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tomcat.apache.org/security-9.html"
},
{
"name": "USN-3024-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3024-1"
},
{
"name": "RHSA-2016:2069",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2069.html"
},
{
"name": "1037029",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037029"
},
{
"name": "RHSA-2016:2068",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2068.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "1036900",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036900"
},
{
"name": "91453",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91453"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tomcat.apache.org/security-8.html"
},
{
"name": "RHSA-2016:2072",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2072.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743722"
},
{
"name": "DSA-3611",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3611"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371"
},
{
"name": "RHSA-2016:2807",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2807.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "openSUSE-SU-2016:2252",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html"
},
{
"name": "JVN#89379547",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN89379547/index.html"
},
{
"name": "1036427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036427"
},
{
"name": "RHSA-2016:2070",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2070.html"
},
{
"name": "RHSA-2017:0457",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html"
},
{
"name": "RHSA-2016:2808",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2808.html"
},
{
"name": "1039606",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039606"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743742"
},
{
"name": "RHSA-2016:2599",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2599.html"
},
{
"name": "DSA-3609",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3609"
},
{
"name": "RHSA-2017:0455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
},
{
"name": "DSA-3614",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3614"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "[dev] 20160621 CVE-2016-3092: Apache Commons Fileupload information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E"
},
{
"name": "RHSA-2017:0456",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"name": "RHSA-2016:2071",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2071.html"
},
{
"name": "USN-3027-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3027-1"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "GLSA-202107-39",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-39"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-17T07:06:23",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "JVNDB-2016-000121",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190212-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743480"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "GLSA-201705-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201705-09"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743738"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tomcat.apache.org/security-9.html"
},
{
"name": "USN-3024-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3024-1"
},
{
"name": "RHSA-2016:2069",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2069.html"
},
{
"name": "1037029",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037029"
},
{
"name": "RHSA-2016:2068",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2068.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "1036900",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036900"
},
{
"name": "91453",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91453"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tomcat.apache.org/security-8.html"
},
{
"name": "RHSA-2016:2072",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2072.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743722"
},
{
"name": "DSA-3611",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3611"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371"
},
{
"name": "RHSA-2016:2807",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2807.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "openSUSE-SU-2016:2252",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html"
},
{
"name": "JVN#89379547",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN89379547/index.html"
},
{
"name": "1036427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036427"
},
{
"name": "RHSA-2016:2070",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2070.html"
},
{
"name": "RHSA-2017:0457",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html"
},
{
"name": "RHSA-2016:2808",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2808.html"
},
{
"name": "1039606",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039606"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743742"
},
{
"name": "RHSA-2016:2599",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2599.html"
},
{
"name": "DSA-3609",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3609"
},
{
"name": "RHSA-2017:0455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
},
{
"name": "DSA-3614",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3614"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "[dev] 20160621 CVE-2016-3092: Apache Commons Fileupload information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E"
},
{
"name": "RHSA-2017:0456",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"name": "RHSA-2016:2071",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2071.html"
},
{
"name": "USN-3027-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3027-1"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "GLSA-202107-39",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-39"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2016-000121",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190212-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190212-0001/"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743480",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743480"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "GLSA-201705-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-09"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743738",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743738"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840"
},
{
"name": "http://tomcat.apache.org/security-9.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-9.html"
},
{
"name": "USN-3024-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3024-1"
},
{
"name": "RHSA-2016:2069",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2069.html"
},
{
"name": "1037029",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037029"
},
{
"name": "RHSA-2016:2068",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2068.html"
},
{
"name": "http://tomcat.apache.org/security-7.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "1036900",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036900"
},
{
"name": "91453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91453"
},
{
"name": "http://tomcat.apache.org/security-8.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-8.html"
},
{
"name": "RHSA-2016:2072",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2072.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743722",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743722"
},
{
"name": "DSA-3611",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3611"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371"
},
{
"name": "RHSA-2016:2807",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2807.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "openSUSE-SU-2016:2252",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html"
},
{
"name": "JVN#89379547",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN89379547/index.html"
},
{
"name": "1036427",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036427"
},
{
"name": "RHSA-2016:2070",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2070.html"
},
{
"name": "RHSA-2017:0457",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html"
},
{
"name": "RHSA-2016:2808",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2808.html"
},
{
"name": "1039606",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039606"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743742",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743742"
},
{
"name": "RHSA-2016:2599",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2599.html"
},
{
"name": "DSA-3609",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3609"
},
{
"name": "RHSA-2017:0455",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
},
{
"name": "DSA-3614",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3614"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "[dev] 20160621 CVE-2016-3092: Apache Commons Fileupload information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E"
},
{
"name": "RHSA-2017:0456",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"name": "RHSA-2016:2071",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2071.html"
},
{
"name": "USN-3027-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3027-1"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "GLSA-202107-39",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-39"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-3092",
"datePublished": "2016-07-04T22:00:00",
"dateReserved": "2016-03-10T00:00:00",
"dateUpdated": "2024-08-05T23:40:15.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2016-3092\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2016-07-04T22:59:04.303\",\"lastModified\":\"2023-12-08T16:41:18.860\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.\"},{\"lang\":\"es\",\"value\":\"La clase MultipartStream en Apache Commons Fileupload en versiones anteriores a 1.3.2, tal como se utiliza en Apache Tomcat 7.x en versiones anteriores a 7.0.70, 8.x en versiones anteriores a 8.0.36, 8.5.x en versiones anteriores a 8.5.3 y 9.x en versiones anteriores a 9.0.0.M7 y otros productos, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de una cadena de l\u00edmite largo.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":7.8},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:icewall_identity_manager:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE418D71-EAD6-4BB6-B6D6-88CE0FFA5A53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"531FE660-C1A9-4C83-90BE-E38AA493D4F7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D0689FE-4BC0-4F53-8C79-34B21F9B86C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0C5F004-F7D8-45DB-B173-351C50B0EC16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1902D2E-1896-4D3D-9E1C-3A675255072C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*\",\"matchCriteriaId\":\"454211D0-60A2-4661-AECA-4C0121413FEB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4752862B-7D26-4285-B8A0-CF082C758353\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*\",\"matchCriteriaId\":\"58EA7199-3373-4F97-9907-3A479A02155E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4693BD36-E522-4C8E-9667-8F3E14A05EF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BBBC5EA-012C-4C5D-A61B-BAF134B300DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A358FDF-C249-4D7A-9445-8B9E7D9D40AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFF96F96-34DB-4EB3-BF59-11220673FA26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDF3E379-47D2-4C86-8C6D-8B3C25A0E1C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61E008F8-2F01-4DD8-853A-337B4B4163C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"701424A2-BB06-44B5-B468-7164E4F95529\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BA6388C-5B6E-4651-8AE3-EBCCF61C27E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F9A5B7E-33A9-4651-9BE1-371A0064B661\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F99252E8-A59C-48E1-B251-718D7FB3E399\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E0DDEF6-A8EE-46C4-A046-A1F26E7C4E87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14B38892-9C00-4510-B7BA-F2A8F2CACCAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7409B064-D43E-489E-AEC6-0A767FB21737\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F019268F-80C4-48FE-8164-E9DA0A3BAFF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EFBD214-FCFE-4F04-A903-66EFDA764B9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"425D86B3-6BB9-410D-8125-F7CF87290AD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EE3BB0D-1002-41E4-9BE8-875D97330057\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6622472B-8644-4D45-A54B-A215C3D64B83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B338F95B-2924-435B-827F-E64420A93244\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"209D1349-7740-4DBE-80A5-E6343C62BAB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09E77C24-C265-403D-A193-B3739713F6B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28616FA3-9A98-4AAE-9F94-3E77A14156EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"603A14BF-72BB-4A3D-8CBC-932DC45CEC06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C2E1C55-3C89-4F26-A981-1195BCC9BB5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31BB906B-812F-462C-9AEE-147C1418D865\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69A7FC28-A0EC-4516-9776-700343D2F4DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4D811A9-4988-4C11-AA27-F5BE2B93D8D4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.3.1\",\"matchCriteriaId\":\"63CCC942-8906-421A-A1C8-E105B54912D5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E88A537F-F4D0-46B9-9E37-965233C2A355\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F8C62EF-1B67-456A-9C66-755439CF8556\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"33E9607B-4D28-460D-896B-E4B7FA22441E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A819E245-D641-4F19-9139-6C940504F6E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C381275-10C5-4939-BCE3-0D1F3B3CB2EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"81A31CA0-A209-4C49-AA06-C38E165E5B68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08022987-B36B-4F63-88A5-A8F59195DF4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AA563BF-A67A-477D-956A-167ABEF885C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF4B7557-EF35-451E-B55D-3296966695AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.5:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F1B937B-57E0-4E88-9E39-39012A924525\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8980E61E-27BE-4858-82B3-C0E8128AF521\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88CE057E-2092-4C98-8D0C-75CF439D0A9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9731BAA-4C6C-4259-B786-F577D8A90FA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F74A421-D019-4248-84B8-C70D4D9A8A95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BA27FF9-4C66-4E17-95C0-1CB2DAA6AFC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"305688F2-50A6-41FB-8614-BC589DB9A789\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25966344-15D5-4101-9346-B06BFD2DFFF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D4F710E-06EA-48F4-AC6A-6F143950F015\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C4936C2-0B2D-4C44-98C3-443090965F5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48453405-2319-4327-9F4C-6F70B49452C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49DD9544-6424-41A6-AEC0-EC19B8A10E71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4670E65-2E11-49A4-B661-57C2F60D411F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31002A23-4788-4BC7-AE11-A3C2AA31716D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7144EDDF-8265-4642-8EEB-ED52527E0A26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF06B5C1-B9DD-4673-A101-56E1E593ACDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D731065-626B-4425-8E49-F708DD457824\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3D850EA-E537-42C8-93B9-96E15CB26747\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E037DA05-2BEF-4F64-B8BB-307247B6A05C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D395D95B-1F4A-420E-A0F6-609360AF7B69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BD221BA-0AB6-4972-8AD9-5D37AC07762F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E55B6565-96CB-4F6A-9A80-C3FB82F30546\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3300AFE-49A4-4904-B9A0-5679F09FA01E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BD93669-1B30-4BF8-AD7D-F60DD8D63CC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8C8C97F-6C9D-4647-AB8A-ADAA5536DDE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C6109D1-BC36-40C5-A02A-7AEBC949BAC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA8A7333-B4C3-4876-AE01-62F2FD315504\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92993E23-D805-407B-8B87-11CEEE8B212F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AA28D3A-3EE5-4F90-B8F5-4943F7607DA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C947E549-2459-4AFB-84A7-36BDA30B5F29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D55DF79-F9BE-4907-A4D8-96C4B11189ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14AB5787-82D7-4F78-BE93-4556AB7A7D0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8E9453E-BC9B-4F77-85FA-BA15AC55C245\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7EF0518-73F9-47DB-8946-A8334936BEFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95AA8778-7833-4572-A71B-5FD89938CE94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"242E47CE-EF69-4F8F-AB40-5AF2811674CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDA1555C-E55A-4E14-B786-BFEE3F09220B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8075E9A-DA7F-4A0B-8B4D-0CD951369111\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"335A5320-6086-4B45-9903-82F6F92A584F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46B33408-C2E2-4E7C-9334-6AB98F13468C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F036676-9EFB-4A92-828E-A38905D594E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9728EE8-6029-4DF3-942E-E4ACC09111A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.67:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34E7DAC8-8419-45D1-A28F-14CF2FE1B6EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.68:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89B87EB5-4902-4C2A-878A-45185F7D0FA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.69:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0596E6C-9ACE-4106-A2FF-BED7967C323F\"}]}]}],\"references\":[{\"url\":\"http://jvn.jp/en/jp/JVN89379547/index.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121\",\"source\":\"secalert@redhat.com\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2068.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2069.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2070.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2071.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2072.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2599.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2807.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2808.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2017-0457.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1743480\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1743722\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1743738\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1743742\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-7.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-8.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-9.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2016/dsa-3609\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2016/dsa-3611\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2016/dsa-3614\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/91453\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1036427\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id/1036900\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id/1037029\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id/1039606\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-3024-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-3027-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:0455\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:0456\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1349468\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.gentoo.org/glsa/201705-09\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.gentoo.org/glsa/202107-39\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20190212-0001/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"secalert@redhat.com\"}]}}"
}
}
gsd-2016-3092
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-3092",
"description": "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.",
"id": "GSD-2016-3092",
"references": [
"https://www.suse.com/security/cve/CVE-2016-3092.html",
"https://www.debian.org/security/2016/dsa-3614",
"https://www.debian.org/security/2016/dsa-3611",
"https://www.debian.org/security/2016/dsa-3609",
"https://access.redhat.com/errata/RHSA-2017:0457",
"https://access.redhat.com/errata/RHSA-2017:0456",
"https://access.redhat.com/errata/RHSA-2017:0455",
"https://access.redhat.com/errata/RHSA-2016:2808",
"https://access.redhat.com/errata/RHSA-2016:2807",
"https://access.redhat.com/errata/RHSA-2016:2599",
"https://access.redhat.com/errata/RHSA-2016:2072",
"https://access.redhat.com/errata/RHSA-2016:2071",
"https://access.redhat.com/errata/RHSA-2016:2070",
"https://access.redhat.com/errata/RHSA-2016:2069",
"https://access.redhat.com/errata/RHSA-2016:2068",
"https://ubuntu.com/security/CVE-2016-3092",
"https://advisories.mageia.org/CVE-2016-3092.html",
"https://alas.aws.amazon.com/cve/html/CVE-2016-3092.html",
"https://linux.oracle.com/cve/CVE-2016-3092.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-3092"
],
"details": "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.",
"id": "GSD-2016-3092",
"modified": "2023-12-13T01:21:27.228702Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2016-000121",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190212-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190212-0001/"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743480",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743480"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "GLSA-201705-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-09"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743738",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743738"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840"
},
{
"name": "http://tomcat.apache.org/security-9.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-9.html"
},
{
"name": "USN-3024-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3024-1"
},
{
"name": "RHSA-2016:2069",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2069.html"
},
{
"name": "1037029",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037029"
},
{
"name": "RHSA-2016:2068",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2068.html"
},
{
"name": "http://tomcat.apache.org/security-7.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "1036900",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036900"
},
{
"name": "91453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91453"
},
{
"name": "http://tomcat.apache.org/security-8.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-8.html"
},
{
"name": "RHSA-2016:2072",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2072.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743722",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743722"
},
{
"name": "DSA-3611",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3611"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371"
},
{
"name": "RHSA-2016:2807",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2807.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "openSUSE-SU-2016:2252",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html"
},
{
"name": "JVN#89379547",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN89379547/index.html"
},
{
"name": "1036427",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036427"
},
{
"name": "RHSA-2016:2070",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2070.html"
},
{
"name": "RHSA-2017:0457",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html"
},
{
"name": "RHSA-2016:2808",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2808.html"
},
{
"name": "1039606",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039606"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743742",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743742"
},
{
"name": "RHSA-2016:2599",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2599.html"
},
{
"name": "DSA-3609",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3609"
},
{
"name": "RHSA-2017:0455",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
},
{
"name": "DSA-3614",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3614"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "[dev] 20160621 CVE-2016-3092: Apache Commons Fileupload information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E"
},
{
"name": "RHSA-2017:0456",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"name": "RHSA-2016:2071",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2071.html"
},
{
"name": "USN-3027-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3027-1"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "GLSA-202107-39",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-39"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[1.3-alpha0,1.3.1],[1.2-alpha0,1.2.2]",
"affected_versions": "All versions starting from 1.3-alpha0 up to 1.3.1, all versions starting from 1.2-alpha0 up to 1.2.2",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-937"
],
"date": "2019-04-23",
"description": "The MultipartStream class in this package allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.",
"fixed_versions": [
"1.3.2"
],
"identifier": "CVE-2016-3092",
"identifiers": [
"CVE-2016-3092"
],
"not_impacted": "All versions before 1.3-alpha0, all versions after 1.3.1, all versions before 1.2-alpha0, all versions after 1.2.2",
"package_slug": "maven/commons-fileupload/commons-fileupload",
"pubdate": "2016-07-04",
"solution": "Upgrade to version 1.3.2 or above.",
"title": "Denial of Service",
"urls": [
"http://mail-archives.us.apache.org/mod_mbox/www-announce/201606.mbox/%3C6223ece6-2b41-ef4f-22f9-d3481e492832@apache.org%3E",
"http://svn.apache.org/viewvc/commons/proper/fileupload/trunk/RELEASE-NOTES.txt?r1=1745717\u0026r2=1749637\u0026diff_format=h",
"http://tomcat.apache.org/security.html",
"https://bugzilla.redhat.com/show_bug.cgi?id=1349475",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092"
],
"uuid": "1df388fd-e11b-4b96-8338-72344fc10180"
},
{
"affected_range": "[7-alpha0,7.0.69],[8.0-alpha0,8.0.35],[8.5-alpha0,8.5.2],[9-alpha0,9.0.0.M7]",
"affected_versions": "All versions starting from 7-alpha0 up to 7.0.69, all versions starting from 8.0-alpha0 up to 8.0.35, all versions starting from 8.5-alpha0 up to 8.5.2, all versions starting from 9-alpha0 up to 9.0.0.m7",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-937"
],
"date": "2019-04-23",
"description": "The MultipartStream class in this package allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.",
"fixed_versions": [
"7.0.70",
"8.0.36",
"8.5.3",
"9.0.0.M8"
],
"identifier": "CVE-2016-3092",
"identifiers": [
"CVE-2016-3092"
],
"not_impacted": "all versions before 7-alpha0, all versions after 7.0.69, all versions before 8.0-alpha0, all versions after 8.0.35, all versions before 8.5-alpha0, all versions after 8.5.2, all versions before 9-alpha0, all versions after 9.0.0.m7",
"package_slug": "maven/org.apache.tomcat/tomcat-catalina",
"pubdate": "2016-07-04",
"solution": "Upgrade to versions 7.0.70, 8.0.36, 8.5.3, 9.0.0.M8 or above.",
"title": "Denial of Service",
"urls": [
"http://mail-archives.us.apache.org/mod_mbox/www-announce/201606.mbox/%3C6223ece6-2b41-ef4f-22f9-d3481e492832@apache.org%3E",
"http://svn.apache.org/viewvc/commons/proper/fileupload/trunk/RELEASE-NOTES.txt?r1=1745717\u0026r2=1749637\u0026diff_format=h",
"http://tomcat.apache.org/security.html",
"https://bugzilla.redhat.com/show_bug.cgi?id=1349475",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092"
],
"uuid": "e2564cd4-980f-4a39-922f-d306aefce08e"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:icewall_identity_manager:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.27:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.3.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.67:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.69:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.68:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.5:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3092"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"name": "JVNDB-2016-000121",
"refsource": "JVNDB",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743480",
"refsource": "CONFIRM",
"tags": [],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743480"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743738",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743738"
},
{
"name": "http://tomcat.apache.org/security-8.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://tomcat.apache.org/security-8.html"
},
{
"name": "http://tomcat.apache.org/security-9.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://tomcat.apache.org/security-9.html"
},
{
"name": "http://tomcat.apache.org/security-7.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "JVN#89379547",
"refsource": "JVN",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN89379547/index.html"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743722",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743722"
},
{
"name": "[dev] 20160621 CVE-2016-3092: Apache Commons Fileupload information disclosure vulnerability",
"refsource": "MLIST",
"tags": [
"Mailing List"
],
"url": "http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743742",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743742"
},
{
"name": "DSA-3614",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3614"
},
{
"name": "USN-3027-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3027-1"
},
{
"name": "DSA-3611",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3611"
},
{
"name": "DSA-3609",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3609"
},
{
"name": "USN-3024-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3024-1"
},
{
"name": "91453",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91453"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Permissions Required",
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840",
"refsource": "CONFIRM",
"tags": [],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759",
"refsource": "CONFIRM",
"tags": [],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759"
},
{
"name": "openSUSE-SU-2016:2252",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html"
},
{
"name": "GLSA-201705-09",
"refsource": "GENTOO",
"tags": [],
"url": "https://security.gentoo.org/glsa/201705-09"
},
{
"name": "1037029",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1037029"
},
{
"name": "1036900",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1036900"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "1036427",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1036427"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "1039606",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1039606"
},
{
"name": "RHSA-2017:0456",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
},
{
"name": "RHSA-2017:0455",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
},
{
"name": "RHSA-2017:0457",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html"
},
{
"name": "RHSA-2016:2808",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2808.html"
},
{
"name": "RHSA-2016:2807",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2807.html"
},
{
"name": "RHSA-2016:2599",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2599.html"
},
{
"name": "RHSA-2016:2072",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2072.html"
},
{
"name": "RHSA-2016:2071",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2071.html"
},
{
"name": "RHSA-2016:2070",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2070.html"
},
{
"name": "RHSA-2016:2069",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2069.html"
},
{
"name": "RHSA-2016:2068",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2068.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190212-0001/",
"refsource": "CONFIRM",
"tags": [],
"url": "https://security.netapp.com/advisory/ntap-20190212-0001/"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"tags": [],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "N/A",
"refsource": "N/A",
"tags": [],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "GLSA-202107-39",
"refsource": "GENTOO",
"tags": [],
"url": "https://security.gentoo.org/glsa/202107-39"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "",
"tags": [],
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"refsource": "",
"tags": [],
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
"refsource": "",
"tags": [],
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-12-08T16:41Z",
"publishedDate": "2016-07-04T22:59Z"
}
}
}
rhsa-2016_2070
Vulnerability from csaf_redhat
Published
2016-10-17 18:35
Modified
2024-09-13 11:33
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.11 update on RHEL 5
Notes
Topic
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.11, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.
This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.10. It includes bug fixes and enhancements.
All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 5 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.
Security Fix(es):
* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.11, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.\n\nThis release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.10. It includes bug fixes and enhancements. \n\nAll users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 5 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.\n\nSecurity Fix(es):\n\n* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:2070",
"url": "https://access.redhat.com/errata/RHSA-2016:2070"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html",
"url": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html"
},
{
"category": "external",
"summary": "1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "external",
"summary": "1375626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375626"
},
{
"category": "external",
"summary": "1376066",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376066"
},
{
"category": "external",
"summary": "1376186",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376186"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2016/rhsa-2016_2070.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.11 update on RHEL 5",
"tracking": {
"current_release_date": "2024-09-13T11:33:05+00:00",
"generator": {
"date": "2024-09-13T11:33:05+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2016:2070",
"initial_release_date": "2016-10-17T18:35:09+00:00",
"revision_history": [
{
"date": "2016-10-17T18:35:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-10-17T18:35:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-13T11:33:05+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remote-naming@1.0.13-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.17.35-1.Final_redhat_1.1.ep6.el5?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.src",
"product": {
"name": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.src",
"product_id": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hornetq@2.3.25-16.SP14_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src",
"product": {
"name": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src",
"product_id": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/picketlink-federation@2.5.4-13.SP11_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src",
"product": {
"name": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src",
"product_id": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/picketlink-bindings@2.5.4-13.SP11_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@7.5.19-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.src",
"product": {
"name": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.src",
"product_id": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-cxf@2.7.18-4.SP3_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-javadocs@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-domain-management@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-ejb3@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-threads@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-transactions@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-pojo@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-sar@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-webservices@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-ee-deployment@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-deployment-scanner@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-protocol@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jsf@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-clustering@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-messaging@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-domain-http@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-process-controller@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-weld@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-host-controller@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-controller-client@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jaxr@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jacorb@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-configadmin@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-osgi-service@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-embedded@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-web@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-core-security@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-naming@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jpa@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-server@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-cli@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-deployment-repository@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-osgi@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-management-client-content@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-version@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-modcluster@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-osgi-configadmin@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-cmp@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-remoting@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jaxrs@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-platform-mbean@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-xts@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-logging@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-picketlink@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-security@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-ee@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-system-jmx@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-network@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-mail@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-appclient@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-connector@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-client-all@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jdr@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-welcome-content-eap@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-standalone@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-bundles@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-appclient@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-domain@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-product-eap@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-core@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jsr77@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-controller@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jmx@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.src",
"product_id": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-modules-eap@7.5.11-2.Final_redhat_1.1.ep6.el5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remote-naming@1.0.13-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.17.35-1.Final_redhat_1.1.ep6.el5?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.noarch",
"product_id": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hornetq@2.3.25-16.SP14_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch",
"product_id": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/picketlink-federation@2.5.4-13.SP11_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch",
"product_id": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/picketlink-bindings@2.5.4-13.SP11_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@7.5.19-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.noarch",
"product_id": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-cxf@2.7.18-4.SP3_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-javadocs@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-domain-management@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-ejb3@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-threads@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-transactions@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-pojo@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-sar@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-webservices@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-ee-deployment@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-deployment-scanner@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-protocol@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jsf@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-clustering@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-messaging@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-domain-http@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-process-controller@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-weld@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-host-controller@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-controller-client@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jaxr@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jacorb@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-configadmin@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-osgi-service@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-embedded@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-web@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-core-security@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-naming@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jpa@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-server@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-cli@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-deployment-repository@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-osgi@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-management-client-content@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-version@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-modcluster@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-osgi-configadmin@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-cmp@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-remoting@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jaxrs@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-platform-mbean@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-xts@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-logging@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-picketlink@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-security@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-ee@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-system-jmx@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-network@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-mail@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-appclient@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-connector@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-client-all@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jdr@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-welcome-content-eap@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-standalone@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-bundles@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-appclient@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-domain@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-product-eap@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-core@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jsr77@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-controller@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jmx@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-modules-eap@7.5.11-2.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.src"
},
"product_reference": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.src"
},
"product_reference": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src"
},
"product_reference": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src"
},
"product_reference": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-3092",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-06-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1349468"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Usage of vulnerable FileUpload package can result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3092"
},
{
"category": "external",
"summary": "RHBZ#1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3092",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-7.html",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html",
"url": "http://tomcat.apache.org/security-8.html"
}
],
"release_date": "2016-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2070"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"5Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Usage of vulnerable FileUpload package can result in denial of service"
}
]
}
rhsa-2016_2072
Vulnerability from csaf_redhat
Published
2016-10-17 19:15
Modified
2024-09-13 11:33
Summary
Red Hat Security Advisory: jboss-ec2-eap security and enhancement update for EAP 6.4.11
Notes
Topic
An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java EE applications. It is based on JBoss Application Server 7 and incorporates multiple open-source projects to provide a complete Java EE platform solution.
Security Fix(es):
* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)
Enhancement(s):
* The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2). With this update, the packages have been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.11.
Users of EAP 6.4.10 jboss-ec2-eap are advised to upgrade to these updated packages, which add this enhancement.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 6 is a platform for Java EE applications. It is based on JBoss Application Server 7 and incorporates multiple open-source projects to provide a complete Java EE platform solution.\n\nSecurity Fix(es):\n\n* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)\n\nEnhancement(s):\n\n* The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2). With this update, the packages have been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.11.\n\nUsers of EAP 6.4.10 jboss-ec2-eap are advised to upgrade to these updated packages, which add this enhancement.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:2072",
"url": "https://access.redhat.com/errata/RHSA-2016:2072"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html",
"url": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html"
},
{
"category": "external",
"summary": "1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2016/rhsa-2016_2072.json"
}
],
"title": "Red Hat Security Advisory: jboss-ec2-eap security and enhancement update for EAP 6.4.11",
"tracking": {
"current_release_date": "2024-09-13T11:33:34+00:00",
"generator": {
"date": "2024-09-13T11:33:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2016:2072",
"initial_release_date": "2016-10-17T19:15:20+00:00",
"revision_history": [
{
"date": "2016-10-17T19:15:20+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-10-17T19:15:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-13T11:33:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "jboss-ec2-eap-samples-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch",
"product": {
"name": "jboss-ec2-eap-samples-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch",
"product_id": "jboss-ec2-eap-samples-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-ec2-eap-samples@7.5.11-1.Final_redhat_1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch",
"product": {
"name": "jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch",
"product_id": "jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-ec2-eap@7.5.11-1.Final_redhat_1.ep6.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.src",
"product": {
"name": "jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.src",
"product_id": "jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-ec2-eap@7.5.11-1.Final_redhat_1.ep6.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch"
},
"product_reference": "jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.src"
},
"product_reference": "jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-ec2-eap-samples-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch"
},
"product_reference": "jboss-ec2-eap-samples-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-3092",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-06-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1349468"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Usage of vulnerable FileUpload package can result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3092"
},
{
"category": "external",
"summary": "RHBZ#1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3092",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-7.html",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html",
"url": "http://tomcat.apache.org/security-8.html"
}
],
"release_date": "2016-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Usage of vulnerable FileUpload package can result in denial of service"
}
]
}
rhsa-2016_2808
Vulnerability from csaf_redhat
Published
2016-11-17 20:32
Modified
2024-09-15 23:05
Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 2.1.2 security update for Tomcat 7
Notes
Topic
An update is now available for Red Hat JBoss Web Server.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat JBoss Web Server 2.1.2 serves as a replacement for
Red Hat JBoss Web Server 2.1.1. It contains security fixes for the Tomcat 7 component. Only users of the Tomcat 7 component in JBoss Web Server need to apply the fixes delivered in this release.
Security Fix(es):
* A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351)
* It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)
* A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763)
* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)
* A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2015-5346)
* It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Web Server.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Red Hat JBoss Web Server 2.1.2 serves as a replacement for\nRed Hat JBoss Web Server 2.1.1. It contains security fixes for the Tomcat 7 component. Only users of the Tomcat 7 component in JBoss Web Server need to apply the fixes delivered in this release.\n\nSecurity Fix(es):\n\n* A CSRF flaw was found in Tomcat\u0027s the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351)\n\n* It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)\n\n* A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763)\n\n* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)\n\n* A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2015-5346)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:2808",
"url": "https://access.redhat.com/errata/RHSA-2016:2808"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver\u0026downloadType=distributions\u0026version=2.1.2",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver\u0026downloadType=distributions\u0026version=2.1.2"
},
{
"category": "external",
"summary": "1311076",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311076"
},
{
"category": "external",
"summary": "1311082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311082"
},
{
"category": "external",
"summary": "1311085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311085"
},
{
"category": "external",
"summary": "1311087",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311087"
},
{
"category": "external",
"summary": "1311093",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311093"
},
{
"category": "external",
"summary": "1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2016/rhsa-2016_2808.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 2.1.2 security update for Tomcat 7",
"tracking": {
"current_release_date": "2024-09-15T23:05:49+00:00",
"generator": {
"date": "2024-09-15T23:05:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2016:2808",
"initial_release_date": "2016-11-17T20:32:58+00:00",
"revision_history": [
{
"date": "2016-11-17T20:32:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-11-17T22:03:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-15T23:05:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 2.1",
"product": {
"name": "Red Hat JBoss Web Server 2.1",
"product_id": "Red Hat JBoss Web Server 2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-5346",
"discovery_date": "2014-06-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311085"
}
],
"notes": [
{
"category": "description",
"text": "A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Session fixation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5346"
},
{
"category": "external",
"summary": "RHBZ#1311085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311085"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5346",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5346"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5346",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5346"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Feb/143",
"url": "http://seclists.org/bugtraq/2016/Feb/143"
}
],
"release_date": "2016-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2808"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 2.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Session fixation"
},
{
"cve": "CVE-2015-5351",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2016-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311076"
}
],
"notes": [
{
"category": "description",
"text": "A CSRF flaw was found in Tomcat\u0027s the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: CSRF token leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5351"
},
{
"category": "external",
"summary": "RHBZ#1311076",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311076"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5351",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5351"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5351",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5351"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Feb/148",
"url": "http://seclists.org/bugtraq/2016/Feb/148"
}
],
"release_date": "2016-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2808"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 2.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: CSRF token leak"
},
{
"cve": "CVE-2016-0706",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2016-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311087"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: security manager bypass via StatusManagerServlet",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0706"
},
{
"category": "external",
"summary": "RHBZ#1311087",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311087"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0706",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0706"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0706",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0706"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Feb/144",
"url": "http://seclists.org/bugtraq/2016/Feb/144"
}
],
"release_date": "2016-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2808"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 2.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: security manager bypass via StatusManagerServlet"
},
{
"cve": "CVE-2016-0714",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"discovery_date": "2016-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311082"
}
],
"notes": [
{
"category": "description",
"text": "It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Security Manager bypass via persistence mechanisms",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0714"
},
{
"category": "external",
"summary": "RHBZ#1311082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311082"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0714",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0714"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Feb/145",
"url": "http://seclists.org/bugtraq/2016/Feb/145"
}
],
"release_date": "2016-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2808"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 2.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Security Manager bypass via persistence mechanisms"
},
{
"cve": "CVE-2016-0763",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2016-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311093"
}
],
"notes": [
{
"category": "description",
"text": "A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: security manager bypass via setGlobalContext()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0763"
},
{
"category": "external",
"summary": "RHBZ#1311093",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311093"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0763",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0763"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0763",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0763"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Feb/147",
"url": "http://seclists.org/bugtraq/2016/Feb/147"
}
],
"release_date": "2016-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2808"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 2.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: security manager bypass via setGlobalContext()"
},
{
"cve": "CVE-2016-3092",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-06-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1349468"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Usage of vulnerable FileUpload package can result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3092"
},
{
"category": "external",
"summary": "RHBZ#1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3092",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-7.html",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html",
"url": "http://tomcat.apache.org/security-8.html"
}
],
"release_date": "2016-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2808"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 2.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Usage of vulnerable FileUpload package can result in denial of service"
}
]
}
rhsa-2017_0456
Vulnerability from csaf_redhat
Published
2017-03-07 19:06
Modified
2024-09-16 00:12
Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 security and enhancement update
Notes
Topic
An update is now available for Red Hat JBoss Web Server 3 for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements.
Security Fix(es):
* It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation. (CVE-2016-1240)
* It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)
* The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance. (CVE-2016-8735)
* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)
* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)
* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)
* The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)
* It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)
* It was discovered that when a SecurityManager is configured Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)
* It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)
* It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)
The CVE-2016-6325 issue was discovered by Red Hat Product Security.
Enhancement(s):
* This enhancement update adds the Red Hat JBoss Web Server 3.1.0 packages to Red Hat Enterprise Linux 7. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server. (JIRA#JWS-268)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Web Server 3 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements.\n\nSecurity Fix(es):\n\n* It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation. (CVE-2016-1240)\n\n* It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)\n\n* The JmxRemoteLifecycleListener was not updated to take account of Oracle\u0027s fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance. (CVE-2016-8735)\n\n* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\n\n* The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)\n\n* It was discovered that when a SecurityManager is configured Tomcat\u0027s system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)\n\n* It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)\n\nThe CVE-2016-6325 issue was discovered by Red Hat Product Security.\n\nEnhancement(s):\n\n* This enhancement update adds the Red Hat JBoss Web Server 3.1.0 packages to Red Hat Enterprise Linux 7. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server. (JIRA#JWS-268)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:0456",
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "external",
"summary": "1367447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1367447"
},
{
"category": "external",
"summary": "1376712",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376712"
},
{
"category": "external",
"summary": "1390493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390493"
},
{
"category": "external",
"summary": "1390515",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390515"
},
{
"category": "external",
"summary": "1390520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390520"
},
{
"category": "external",
"summary": "1390525",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390525"
},
{
"category": "external",
"summary": "1390526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390526"
},
{
"category": "external",
"summary": "1397484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397484"
},
{
"category": "external",
"summary": "1397485",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397485"
},
{
"category": "external",
"summary": "1403824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1403824"
},
{
"category": "external",
"summary": "JWS-268",
"url": "https://issues.redhat.com/browse/JWS-268"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2017/rhsa-2017_0456.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 security and enhancement update",
"tracking": {
"current_release_date": "2024-09-16T00:12:37+00:00",
"generator": {
"date": "2024-09-16T00:12:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2017:0456",
"initial_release_date": "2017-03-07T19:06:06+00:00",
"revision_history": [
{
"date": "2017-03-07T19:06:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-03-07T19:06:06+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T00:12:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 3.1 for RHEL 7",
"product": {
"name": "Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate4-eap6@4.2.23-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate4-envers-eap6@4.2.23-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate4-c3p0-eap6@4.2.23-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate4-core-eap6@4.2.23-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate4-entitymanager-eap6@4.2.23-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"product": {
"name": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"product_id": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster@1.3.5-2.Final_redhat_2.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"product": {
"name": "mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"product_id": "mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-tomcat8@1.3.5-2.Final_redhat_2.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"product": {
"name": "mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"product_id": "mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-tomcat7@1.3.5-2.Final_redhat_2.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"product_id": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon@1.0.15-1.redhat_2.1.jbcs.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"product": {
"name": "jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"product_id": "jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-runtime@1-3.jbcs.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"product": {
"name": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"product_id": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-vault@1.0.8-9.Final_redhat_2.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"product": {
"name": "tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"product_id": "tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-selinux@7.0.70-16.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"product": {
"name": "tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"product_id": "tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-jsvc@7.0.70-16.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"product": {
"name": "tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"product_id": "tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-docs-webapp@7.0.70-16.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"product": {
"name": "tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"product_id": "tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-servlet-3.0-api@7.0.70-16.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"product": {
"name": "tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"product_id": "tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-el-2.2-api@7.0.70-16.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"product": {
"name": "tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"product_id": "tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-admin-webapps@7.0.70-16.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"product": {
"name": "tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"product_id": "tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-webapps@7.0.70-16.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"product": {
"name": "tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"product_id": "tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-jsp-2.2-api@7.0.70-16.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"product": {
"name": "tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"product_id": "tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-javadoc@7.0.70-16.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.70-16.ep7.el7.noarch",
"product": {
"name": "tomcat7-0:7.0.70-16.ep7.el7.noarch",
"product_id": "tomcat7-0:7.0.70-16.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.70-16.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"product": {
"name": "tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"product_id": "tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-lib@7.0.70-16.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"product": {
"name": "tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"product_id": "tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-log4j@7.0.70-16.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-0:8.0.36-17.ep7.el7.noarch",
"product": {
"name": "tomcat8-0:8.0.36-17.ep7.el7.noarch",
"product_id": "tomcat8-0:8.0.36-17.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8@8.0.36-17.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"product": {
"name": "tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"product_id": "tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-log4j@8.0.36-17.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"product": {
"name": "tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"product_id": "tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-admin-webapps@8.0.36-17.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"product": {
"name": "tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"product_id": "tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-jsvc@8.0.36-17.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"product": {
"name": "tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"product_id": "tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-servlet-3.1-api@8.0.36-17.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"product": {
"name": "tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"product_id": "tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-el-2.2-api@8.0.36-17.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"product": {
"name": "tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"product_id": "tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-docs-webapp@8.0.36-17.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"product": {
"name": "tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"product_id": "tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-selinux@8.0.36-17.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"product": {
"name": "tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"product_id": "tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-jsp-2.3-api@8.0.36-17.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch",
"product": {
"name": "tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch",
"product_id": "tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-webapps@8.0.36-17.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"product": {
"name": "tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"product_id": "tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-lib@8.0.36-17.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"product": {
"name": "tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"product_id": "tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-javadoc@8.0.36-17.ep7.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate4-eap6@4.2.23-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.0.15-17.redhat_2.jbcs.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"product": {
"name": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"product_id": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster@1.3.5-2.Final_redhat_2.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"product_id": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon@1.0.15-1.redhat_2.1.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"product": {
"name": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"product_id": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-vault@1.0.8-9.Final_redhat_2.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.70-16.ep7.el7.src",
"product": {
"name": "tomcat7-0:7.0.70-16.ep7.el7.src",
"product_id": "tomcat7-0:7.0.70-16.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.70-16.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat8-0:8.0.36-17.ep7.el7.src",
"product": {
"name": "tomcat8-0:8.0.36-17.ep7.el7.src",
"product_id": "tomcat8-0:8.0.36-17.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8@8.0.36-17.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"product": {
"name": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"product_id": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native@1.2.8-9.redhat_9.ep7.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo@1.0.15-17.redhat_2.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.0.15-17.redhat_2.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"product": {
"name": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"product_id": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native@1.2.8-9.redhat_9.ep7.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"product": {
"name": "tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"product_id": "tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native-debuginfo@1.2.8-9.redhat_9.ep7.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch"
},
"product_reference": "jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch"
},
"product_reference": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src"
},
"product_reference": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch"
},
"product_reference": "mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch"
},
"product_reference": "mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src"
},
"product_reference": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64 as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64"
},
"product_reference": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64 as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64"
},
"product_reference": "tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch"
},
"product_reference": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src"
},
"product_reference": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.70-16.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch"
},
"product_reference": "tomcat7-0:7.0.70-16.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.70-16.ep7.el7.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src"
},
"product_reference": "tomcat7-0:7.0.70-16.ep7.el7.src",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch"
},
"product_reference": "tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch"
},
"product_reference": "tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch"
},
"product_reference": "tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch"
},
"product_reference": "tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch"
},
"product_reference": "tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch"
},
"product_reference": "tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-lib-0:7.0.70-16.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch"
},
"product_reference": "tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch"
},
"product_reference": "tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch"
},
"product_reference": "tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch"
},
"product_reference": "tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch"
},
"product_reference": "tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-0:8.0.36-17.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch"
},
"product_reference": "tomcat8-0:8.0.36-17.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-0:8.0.36-17.ep7.el7.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src"
},
"product_reference": "tomcat8-0:8.0.36-17.ep7.el7.src",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch"
},
"product_reference": "tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch"
},
"product_reference": "tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch"
},
"product_reference": "tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch"
},
"product_reference": "tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch"
},
"product_reference": "tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch"
},
"product_reference": "tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-lib-0:8.0.36-17.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch"
},
"product_reference": "tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch"
},
"product_reference": "tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch"
},
"product_reference": "tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch"
},
"product_reference": "tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
},
"product_reference": "tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-0762",
"discovery_date": "2016-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1390526"
}
],
"notes": [
{
"category": "description",
"text": "The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: timing attack in Realm implementation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0762"
},
{
"category": "external",
"summary": "RHBZ#1390526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390526"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0762"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0762",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0762"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
}
],
"release_date": "2016-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: timing attack in Realm implementation"
},
{
"cve": "CVE-2016-1240",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2016-09-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1376712"
}
],
"notes": [
{
"category": "description",
"text": "It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1240"
},
{
"category": "external",
"summary": "RHBZ#1376712",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376712"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1240",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1240"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1240",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1240"
},
{
"category": "external",
"summary": "http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240.txt",
"url": "http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240.txt"
}
],
"release_date": "2016-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation"
},
{
"cve": "CVE-2016-3092",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-06-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1349468"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Usage of vulnerable FileUpload package can result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3092"
},
{
"category": "external",
"summary": "RHBZ#1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3092",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-7.html",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html",
"url": "http://tomcat.apache.org/security-8.html"
}
],
"release_date": "2016-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Usage of vulnerable FileUpload package can result in denial of service"
},
{
"cve": "CVE-2016-5018",
"discovery_date": "2016-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1390525"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: security manager bypass via IntrospectHelper utility function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5018"
},
{
"category": "external",
"summary": "RHBZ#1390525",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390525"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5018",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5018"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
}
],
"release_date": "2016-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: security manager bypass via IntrospectHelper utility function"
},
{
"acknowledgments": [
{
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2016-6325",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2016-08-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1367447"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: tomcat writable config files allow privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6325"
},
{
"category": "external",
"summary": "RHBZ#1367447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1367447"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6325",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6325"
}
],
"release_date": "2016-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: tomcat writable config files allow privilege escalation"
},
{
"cve": "CVE-2016-6794",
"discovery_date": "2016-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1390520"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that when a SecurityManager was configured, Tomcat\u0027s system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: system property disclosure",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6794"
},
{
"category": "external",
"summary": "RHBZ#1390520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390520"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6794",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6794"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6794",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6794"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
}
],
"release_date": "2016-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: system property disclosure"
},
{
"cve": "CVE-2016-6796",
"discovery_date": "2016-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1390515"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: security manager bypass via JSP Servlet config parameters",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6796"
},
{
"category": "external",
"summary": "RHBZ#1390515",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390515"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6796",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6796"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
}
],
"release_date": "2016-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: security manager bypass via JSP Servlet config parameters"
},
{
"cve": "CVE-2016-6797",
"discovery_date": "2016-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1390493"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: unrestricted access to global resources",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6797"
},
{
"category": "external",
"summary": "RHBZ#1390493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390493"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6797",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6797"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6797",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6797"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
}
],
"release_date": "2016-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: unrestricted access to global resources"
},
{
"cve": "CVE-2016-6816",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2016-11-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1397484"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Applying the fix provided to mitigate this issue may cause Tomcat to return 400 status after updating. For more information, refer to https://access.redhat.com/solutions/2891171",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6816"
},
{
"category": "external",
"summary": "RHBZ#1397484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397484"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6816",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6816"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/2991951",
"url": "https://access.redhat.com/articles/2991951"
},
{
"category": "external",
"summary": "https://access.redhat.com/solutions/2891171",
"url": "https://access.redhat.com/solutions/2891171"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8"
}
],
"release_date": "2016-11-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests"
},
{
"cve": "CVE-2016-8735",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2016-11-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1397485"
}
],
"notes": [
{
"category": "description",
"text": "The JmxRemoteLifecycleListener was not updated to take account of Oracle\u0027s fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8735"
},
{
"category": "external",
"summary": "RHBZ#1397485",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397485"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8735"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2016-11-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-05-12T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener"
},
{
"cve": "CVE-2016-8745",
"discovery_date": "2016-12-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1403824"
}
],
"notes": [
{
"category": "description",
"text": "A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: information disclosure due to incorrect Processor sharing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8745"
},
{
"category": "external",
"summary": "RHBZ#1403824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1403824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8745",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8745"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8745",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8745"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.49",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.49"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.74",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.74"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.40",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.40"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.9",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.9"
}
],
"release_date": "2016-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: information disclosure due to incorrect Processor sharing"
}
]
}
rhsa-2017_0455
Vulnerability from csaf_redhat
Published
2017-03-07 19:06
Modified
2024-09-16 00:12
Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 security and enhancement update
Notes
Topic
An update is now available for Red Hat JBoss Web Server 3 for RHEL 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements.
Security Fix(es):
* It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation. (CVE-2016-1240)
* It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)
* The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance. (CVE-2016-8735)
* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)
* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)
* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)
* The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)
* It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)
* It was discovered that when a SecurityManager is configured Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)
* It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)
* It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)
The CVE-2016-6325 issue was discovered by Red Hat Product Security.
Enhancement(s):
This enhancement update adds the Red Hat JBoss Web Server 3.1.0 packages to Red Hat Enterprise Linux 6. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server. (JIRA#JWS-267)
Users of Red Hat JBoss Web Server are advised to upgrade to these updated packages, which add this enhancement.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Web Server 3 for RHEL 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements.\n\nSecurity Fix(es):\n\n* It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation. (CVE-2016-1240)\n\n* It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)\n\n* The JmxRemoteLifecycleListener was not updated to take account of Oracle\u0027s fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance. (CVE-2016-8735)\n\n* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\n\n* The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)\n\n* It was discovered that when a SecurityManager is configured Tomcat\u0027s system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)\n\n* It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)\n\nThe CVE-2016-6325 issue was discovered by Red Hat Product Security.\n\nEnhancement(s):\n\nThis enhancement update adds the Red Hat JBoss Web Server 3.1.0 packages to Red Hat Enterprise Linux 6. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server. (JIRA#JWS-267)\n\nUsers of Red Hat JBoss Web Server are advised to upgrade to these updated packages, which add this enhancement.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:0455",
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "external",
"summary": "1367447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1367447"
},
{
"category": "external",
"summary": "1376712",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376712"
},
{
"category": "external",
"summary": "1390493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390493"
},
{
"category": "external",
"summary": "1390515",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390515"
},
{
"category": "external",
"summary": "1390520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390520"
},
{
"category": "external",
"summary": "1390525",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390525"
},
{
"category": "external",
"summary": "1390526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390526"
},
{
"category": "external",
"summary": "1397484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397484"
},
{
"category": "external",
"summary": "1397485",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397485"
},
{
"category": "external",
"summary": "1403824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1403824"
},
{
"category": "external",
"summary": "JWS-267",
"url": "https://issues.redhat.com/browse/JWS-267"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2017/rhsa-2017_0455.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 security and enhancement update",
"tracking": {
"current_release_date": "2024-09-16T00:12:31+00:00",
"generator": {
"date": "2024-09-16T00:12:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2017:0455",
"initial_release_date": "2017-03-07T19:06:40+00:00",
"revision_history": [
{
"date": "2017-03-07T19:06:40+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-03-07T19:06:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T00:12:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 3.1 for RHEL 6",
"product": {
"name": "Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate4-envers-eap6@4.2.23-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate4-c3p0-eap6@4.2.23-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate4-core-eap6@4.2.23-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate4-eap6@4.2.23-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate4-entitymanager-eap6@4.2.23-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"product": {
"name": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"product_id": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster@1.3.5-2.Final_redhat_2.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"product": {
"name": "mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"product_id": "mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-tomcat7@1.3.5-2.Final_redhat_2.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"product": {
"name": "mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"product_id": "mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-tomcat8@1.3.5-2.Final_redhat_2.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"product_id": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon@1.0.15-1.redhat_2.1.jbcs.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"product": {
"name": "jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"product_id": "jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-runtime@1-3.jbcs.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"product": {
"name": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"product_id": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-vault@1.0.8-9.Final_redhat_2.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"product": {
"name": "tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"product_id": "tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-jsvc@7.0.70-16.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"product": {
"name": "tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"product_id": "tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-selinux@7.0.70-16.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"product": {
"name": "tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"product_id": "tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-docs-webapp@7.0.70-16.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"product": {
"name": "tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"product_id": "tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-servlet-3.0-api@7.0.70-16.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"product": {
"name": "tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"product_id": "tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-el-2.2-api@7.0.70-16.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"product": {
"name": "tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"product_id": "tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-admin-webapps@7.0.70-16.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"product": {
"name": "tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"product_id": "tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-jsp-2.2-api@7.0.70-16.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"product": {
"name": "tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"product_id": "tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-javadoc@7.0.70-16.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.70-16.ep7.el6.noarch",
"product": {
"name": "tomcat7-0:7.0.70-16.ep7.el6.noarch",
"product_id": "tomcat7-0:7.0.70-16.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.70-16.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"product": {
"name": "tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"product_id": "tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-lib@7.0.70-16.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"product": {
"name": "tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"product_id": "tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-log4j@7.0.70-16.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"product": {
"name": "tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"product_id": "tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-webapps@7.0.70-16.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"product": {
"name": "tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"product_id": "tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-log4j@8.0.36-17.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-0:8.0.36-17.ep7.el6.noarch",
"product": {
"name": "tomcat8-0:8.0.36-17.ep7.el6.noarch",
"product_id": "tomcat8-0:8.0.36-17.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8@8.0.36-17.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"product": {
"name": "tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"product_id": "tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-admin-webapps@8.0.36-17.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"product": {
"name": "tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"product_id": "tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-jsvc@8.0.36-17.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"product": {
"name": "tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"product_id": "tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-el-2.2-api@8.0.36-17.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"product": {
"name": "tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"product_id": "tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-docs-webapp@8.0.36-17.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"product": {
"name": "tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"product_id": "tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-servlet-3.1-api@8.0.36-17.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch",
"product": {
"name": "tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch",
"product_id": "tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-webapps@8.0.36-17.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"product": {
"name": "tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"product_id": "tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-selinux@8.0.36-17.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"product": {
"name": "tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"product_id": "tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-jsp-2.3-api@8.0.36-17.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"product": {
"name": "tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"product_id": "tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-lib@8.0.36-17.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"product": {
"name": "tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"product_id": "tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-javadoc@8.0.36-17.ep7.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate4-eap6@4.2.23-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.0.15-17.redhat_2.jbcs.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"product": {
"name": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"product_id": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster@1.3.5-2.Final_redhat_2.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"product_id": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon@1.0.15-1.redhat_2.1.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"product": {
"name": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"product_id": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-vault@1.0.8-9.Final_redhat_2.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.70-16.ep7.el6.src",
"product": {
"name": "tomcat7-0:7.0.70-16.ep7.el6.src",
"product_id": "tomcat7-0:7.0.70-16.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.70-16.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat8-0:8.0.36-17.ep7.el6.src",
"product": {
"name": "tomcat8-0:8.0.36-17.ep7.el6.src",
"product_id": "tomcat8-0:8.0.36-17.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8@8.0.36-17.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"product": {
"name": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"product_id": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native@1.2.8-9.redhat_9.ep7.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo@1.0.15-17.redhat_2.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.0.15-17.redhat_2.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"product": {
"name": "tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"product_id": "tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native-debuginfo@1.2.8-9.redhat_9.ep7.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"product": {
"name": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"product_id": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native@1.2.8-9.redhat_9.ep7.el6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo@1.0.15-17.redhat_2.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.0.15-17.redhat_2.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"product": {
"name": "tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"product_id": "tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native-debuginfo@1.2.8-9.redhat_9.ep7.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"product": {
"name": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"product_id": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native@1.2.8-9.redhat_9.ep7.el6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch"
},
"product_reference": "jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch"
},
"product_reference": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src"
},
"product_reference": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch"
},
"product_reference": "mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch"
},
"product_reference": "mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686 as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686"
},
"product_reference": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src"
},
"product_reference": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64 as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64"
},
"product_reference": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686 as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686"
},
"product_reference": "tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64 as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64"
},
"product_reference": "tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch"
},
"product_reference": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src"
},
"product_reference": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.70-16.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch"
},
"product_reference": "tomcat7-0:7.0.70-16.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.70-16.ep7.el6.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src"
},
"product_reference": "tomcat7-0:7.0.70-16.ep7.el6.src",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch"
},
"product_reference": "tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch"
},
"product_reference": "tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch"
},
"product_reference": "tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch"
},
"product_reference": "tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch"
},
"product_reference": "tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch"
},
"product_reference": "tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-lib-0:7.0.70-16.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch"
},
"product_reference": "tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch"
},
"product_reference": "tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch"
},
"product_reference": "tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch"
},
"product_reference": "tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch"
},
"product_reference": "tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-0:8.0.36-17.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch"
},
"product_reference": "tomcat8-0:8.0.36-17.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-0:8.0.36-17.ep7.el6.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src"
},
"product_reference": "tomcat8-0:8.0.36-17.ep7.el6.src",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch"
},
"product_reference": "tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch"
},
"product_reference": "tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch"
},
"product_reference": "tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch"
},
"product_reference": "tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch"
},
"product_reference": "tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch"
},
"product_reference": "tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-lib-0:8.0.36-17.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch"
},
"product_reference": "tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch"
},
"product_reference": "tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch"
},
"product_reference": "tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch"
},
"product_reference": "tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
},
"product_reference": "tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-0762",
"discovery_date": "2016-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1390526"
}
],
"notes": [
{
"category": "description",
"text": "The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: timing attack in Realm implementation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0762"
},
{
"category": "external",
"summary": "RHBZ#1390526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390526"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0762"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0762",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0762"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
}
],
"release_date": "2016-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: timing attack in Realm implementation"
},
{
"cve": "CVE-2016-1240",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2016-09-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1376712"
}
],
"notes": [
{
"category": "description",
"text": "It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1240"
},
{
"category": "external",
"summary": "RHBZ#1376712",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376712"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1240",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1240"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1240",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1240"
},
{
"category": "external",
"summary": "http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240.txt",
"url": "http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240.txt"
}
],
"release_date": "2016-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation"
},
{
"cve": "CVE-2016-3092",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-06-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1349468"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Usage of vulnerable FileUpload package can result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3092"
},
{
"category": "external",
"summary": "RHBZ#1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3092",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-7.html",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html",
"url": "http://tomcat.apache.org/security-8.html"
}
],
"release_date": "2016-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Usage of vulnerable FileUpload package can result in denial of service"
},
{
"cve": "CVE-2016-5018",
"discovery_date": "2016-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1390525"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: security manager bypass via IntrospectHelper utility function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5018"
},
{
"category": "external",
"summary": "RHBZ#1390525",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390525"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5018",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5018"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
}
],
"release_date": "2016-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: security manager bypass via IntrospectHelper utility function"
},
{
"acknowledgments": [
{
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2016-6325",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2016-08-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1367447"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: tomcat writable config files allow privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6325"
},
{
"category": "external",
"summary": "RHBZ#1367447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1367447"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6325",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6325"
}
],
"release_date": "2016-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: tomcat writable config files allow privilege escalation"
},
{
"cve": "CVE-2016-6794",
"discovery_date": "2016-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1390520"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that when a SecurityManager was configured, Tomcat\u0027s system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: system property disclosure",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6794"
},
{
"category": "external",
"summary": "RHBZ#1390520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390520"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6794",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6794"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6794",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6794"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
}
],
"release_date": "2016-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: system property disclosure"
},
{
"cve": "CVE-2016-6796",
"discovery_date": "2016-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1390515"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: security manager bypass via JSP Servlet config parameters",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6796"
},
{
"category": "external",
"summary": "RHBZ#1390515",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390515"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6796",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6796"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
}
],
"release_date": "2016-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: security manager bypass via JSP Servlet config parameters"
},
{
"cve": "CVE-2016-6797",
"discovery_date": "2016-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1390493"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: unrestricted access to global resources",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6797"
},
{
"category": "external",
"summary": "RHBZ#1390493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390493"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6797",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6797"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6797",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6797"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
}
],
"release_date": "2016-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: unrestricted access to global resources"
},
{
"cve": "CVE-2016-6816",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2016-11-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1397484"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Applying the fix provided to mitigate this issue may cause Tomcat to return 400 status after updating. For more information, refer to https://access.redhat.com/solutions/2891171",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6816"
},
{
"category": "external",
"summary": "RHBZ#1397484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397484"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6816",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6816"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/2991951",
"url": "https://access.redhat.com/articles/2991951"
},
{
"category": "external",
"summary": "https://access.redhat.com/solutions/2891171",
"url": "https://access.redhat.com/solutions/2891171"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8"
}
],
"release_date": "2016-11-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests"
},
{
"cve": "CVE-2016-8735",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2016-11-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1397485"
}
],
"notes": [
{
"category": "description",
"text": "The JmxRemoteLifecycleListener was not updated to take account of Oracle\u0027s fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8735"
},
{
"category": "external",
"summary": "RHBZ#1397485",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397485"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8735"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2016-11-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-05-12T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener"
},
{
"cve": "CVE-2016-8745",
"discovery_date": "2016-12-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1403824"
}
],
"notes": [
{
"category": "description",
"text": "A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: information disclosure due to incorrect Processor sharing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8745"
},
{
"category": "external",
"summary": "RHBZ#1403824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1403824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8745",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8745"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8745",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8745"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.49",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.49"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.74",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.74"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.40",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.40"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.9",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.9"
}
],
"release_date": "2016-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: information disclosure due to incorrect Processor sharing"
}
]
}
rhsa-2016_2599
Vulnerability from csaf_redhat
Published
2016-11-03 08:12
Modified
2024-09-15 23:06
Summary
Red Hat Security Advisory: tomcat security, bug fix, and enhancement update
Notes
Topic
An update for tomcat is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
The following packages have been upgraded to a newer upstream version: tomcat (7.0.69). (BZ#1287928)
Security Fix(es):
* A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351)
* It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)
* A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763)
* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)
* A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call. (CVE-2015-5174)
* It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345)
* It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706)
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nThe following packages have been upgraded to a newer upstream version: tomcat (7.0.69). (BZ#1287928)\n\nSecurity Fix(es):\n\n* A CSRF flaw was found in Tomcat\u0027s the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351)\n\n* It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)\n\n* A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763)\n\n* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)\n\n* A directory traversal flaw was found in Tomcat\u0027s RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a \u0027/..\u0027 in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call. (CVE-2015-5174)\n\n* It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:2599",
"url": "https://access.redhat.com/errata/RHSA-2016:2599"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html",
"url": "https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html"
},
{
"category": "external",
"summary": "1133070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1133070"
},
{
"category": "external",
"summary": "1201409",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201409"
},
{
"category": "external",
"summary": "1208402",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208402"
},
{
"category": "external",
"summary": "1221896",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221896"
},
{
"category": "external",
"summary": "1229476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1229476"
},
{
"category": "external",
"summary": "1240279",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1240279"
},
{
"category": "external",
"summary": "1265698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1265698"
},
{
"category": "external",
"summary": "1277197",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1277197"
},
{
"category": "external",
"summary": "1287928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287928"
},
{
"category": "external",
"summary": "1311076",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311076"
},
{
"category": "external",
"summary": "1311082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311082"
},
{
"category": "external",
"summary": "1311087",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311087"
},
{
"category": "external",
"summary": "1311089",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311089"
},
{
"category": "external",
"summary": "1311093",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311093"
},
{
"category": "external",
"summary": "1311622",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311622"
},
{
"category": "external",
"summary": "1320853",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1320853"
},
{
"category": "external",
"summary": "1327326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327326"
},
{
"category": "external",
"summary": "1347774",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1347774"
},
{
"category": "external",
"summary": "1347860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1347860"
},
{
"category": "external",
"summary": "1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2016/rhsa-2016_2599.json"
}
],
"title": "Red Hat Security Advisory: tomcat security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-09-15T23:06:00+00:00",
"generator": {
"date": "2024-09-15T23:06:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2016:2599",
"initial_release_date": "2016-11-03T08:12:12+00:00",
"revision_history": [
{
"date": "2016-11-03T08:12:12+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-11-03T08:12:12+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-15T23:06:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-webapps-0:7.0.69-10.el7.noarch",
"product": {
"name": "tomcat-webapps-0:7.0.69-10.el7.noarch",
"product_id": "tomcat-webapps-0:7.0.69-10.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@7.0.69-10.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"product": {
"name": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"product_id": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-2.2-api@7.0.69-10.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-0:7.0.69-10.el7.noarch",
"product": {
"name": "tomcat-0:7.0.69-10.el7.noarch",
"product_id": "tomcat-0:7.0.69-10.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@7.0.69-10.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"product": {
"name": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"product_id": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@7.0.69-10.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"product": {
"name": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"product_id": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-3.0-api@7.0.69-10.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-0:7.0.69-10.el7.noarch",
"product": {
"name": "tomcat-lib-0:7.0.69-10.el7.noarch",
"product_id": "tomcat-lib-0:7.0.69-10.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@7.0.69-10.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"product": {
"name": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"product_id": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-2.2-api@7.0.69-10.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-0:7.0.69-10.el7.noarch",
"product": {
"name": "tomcat-javadoc-0:7.0.69-10.el7.noarch",
"product_id": "tomcat-javadoc-0:7.0.69-10.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-javadoc@7.0.69-10.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-0:7.0.69-10.el7.noarch",
"product": {
"name": "tomcat-jsvc-0:7.0.69-10.el7.noarch",
"product_id": "tomcat-jsvc-0:7.0.69-10.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsvc@7.0.69-10.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"product": {
"name": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"product_id": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@7.0.69-10.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-0:7.0.69-10.el7.src",
"product": {
"name": "tomcat-0:7.0.69-10.el7.src",
"product_id": "tomcat-0:7.0.69-10.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@7.0.69-10.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional:tomcat-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.69-10.el7.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional:tomcat-0:7.0.69-10.el7.src"
},
"product_reference": "tomcat-0:7.0.69-10.el7.src",
"relates_to_product_reference": "7Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-javadoc-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-jsvc-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-lib-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-webapps-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client:tomcat-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.69-10.el7.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client:tomcat-0:7.0.69-10.el7.src"
},
"product_reference": "tomcat-0:7.0.69-10.el7.src",
"relates_to_product_reference": "7Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-javadoc-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-jsvc-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client:tomcat-lib-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-lib-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client:tomcat-webapps-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-webapps-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.69-10.el7.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src"
},
"product_reference": "tomcat-0:7.0.69-10.el7.src",
"relates_to_product_reference": "7ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-javadoc-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-jsvc-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-lib-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-webapps-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode:tomcat-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.69-10.el7.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode:tomcat-0:7.0.69-10.el7.src"
},
"product_reference": "tomcat-0:7.0.69-10.el7.src",
"relates_to_product_reference": "7ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-javadoc-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-jsvc-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-lib-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-webapps-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional:tomcat-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.69-10.el7.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional:tomcat-0:7.0.69-10.el7.src"
},
"product_reference": "tomcat-0:7.0.69-10.el7.src",
"relates_to_product_reference": "7Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-javadoc-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-jsvc-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-lib-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-webapps-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server:tomcat-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.69-10.el7.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server:tomcat-0:7.0.69-10.el7.src"
},
"product_reference": "tomcat-0:7.0.69-10.el7.src",
"relates_to_product_reference": "7Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-javadoc-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-jsvc-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server:tomcat-lib-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-lib-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server:tomcat-webapps-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-webapps-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.69-10.el7.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional:tomcat-0:7.0.69-10.el7.src"
},
"product_reference": "tomcat-0:7.0.69-10.el7.src",
"relates_to_product_reference": "7Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-javadoc-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-jsvc-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-lib-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-webapps-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation:tomcat-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.69-10.el7.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation:tomcat-0:7.0.69-10.el7.src"
},
"product_reference": "tomcat-0:7.0.69-10.el7.src",
"relates_to_product_reference": "7Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-javadoc-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-jsvc-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-lib-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-webapps-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-0230",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2015-02-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1191200"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and preventing further, legitimate connections to the Tomcat server to be made.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: non-persistent DoS attack by feeding data by aborting an upload",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0230"
},
{
"category": "external",
"summary": "RHBZ#1191200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191200"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0230",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0230"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0230",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0230"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44",
"url": "http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.55",
"url": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.55"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.9",
"url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.9"
}
],
"release_date": "2014-07-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2599"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: non-persistent DoS attack by feeding data by aborting an upload"
},
{
"cve": "CVE-2015-5174",
"discovery_date": "2015-08-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1265698"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal flaw was found in Tomcat\u0027s RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a \u0027/..\u0027 in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: URL Normalization issue",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5174"
},
{
"category": "external",
"summary": "RHBZ#1265698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1265698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5174",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5174"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5174",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5174"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Feb/149",
"url": "http://seclists.org/bugtraq/2016/Feb/149"
}
],
"release_date": "2016-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2599"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: URL Normalization issue"
},
{
"cve": "CVE-2015-5345",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"discovery_date": "2016-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311089"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: directory disclosure",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5345"
},
{
"category": "external",
"summary": "RHBZ#1311089",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311089"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5345",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5345"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5345",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5345"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Feb/146",
"url": "http://seclists.org/bugtraq/2016/Feb/146"
}
],
"release_date": "2016-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2599"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: directory disclosure"
},
{
"cve": "CVE-2015-5351",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2016-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311076"
}
],
"notes": [
{
"category": "description",
"text": "A CSRF flaw was found in Tomcat\u0027s the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: CSRF token leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5351"
},
{
"category": "external",
"summary": "RHBZ#1311076",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311076"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5351",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5351"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5351",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5351"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Feb/148",
"url": "http://seclists.org/bugtraq/2016/Feb/148"
}
],
"release_date": "2016-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2599"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: CSRF token leak"
},
{
"cve": "CVE-2016-0706",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2016-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311087"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: security manager bypass via StatusManagerServlet",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0706"
},
{
"category": "external",
"summary": "RHBZ#1311087",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311087"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0706",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0706"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0706",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0706"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Feb/144",
"url": "http://seclists.org/bugtraq/2016/Feb/144"
}
],
"release_date": "2016-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2599"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: security manager bypass via StatusManagerServlet"
},
{
"cve": "CVE-2016-0714",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"discovery_date": "2016-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311082"
}
],
"notes": [
{
"category": "description",
"text": "It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Security Manager bypass via persistence mechanisms",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0714"
},
{
"category": "external",
"summary": "RHBZ#1311082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311082"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0714",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0714"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Feb/145",
"url": "http://seclists.org/bugtraq/2016/Feb/145"
}
],
"release_date": "2016-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2599"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Security Manager bypass via persistence mechanisms"
},
{
"cve": "CVE-2016-0763",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2016-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311093"
}
],
"notes": [
{
"category": "description",
"text": "A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: security manager bypass via setGlobalContext()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0763"
},
{
"category": "external",
"summary": "RHBZ#1311093",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311093"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0763",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0763"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0763",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0763"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Feb/147",
"url": "http://seclists.org/bugtraq/2016/Feb/147"
}
],
"release_date": "2016-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2599"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: security manager bypass via setGlobalContext()"
},
{
"cve": "CVE-2016-3092",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-06-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1349468"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Usage of vulnerable FileUpload package can result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3092"
},
{
"category": "external",
"summary": "RHBZ#1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3092",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-7.html",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html",
"url": "http://tomcat.apache.org/security-8.html"
}
],
"release_date": "2016-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2599"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Usage of vulnerable FileUpload package can result in denial of service"
}
]
}
rhsa-2016_2071
Vulnerability from csaf_redhat
Published
2016-10-17 18:14
Modified
2024-09-13 11:33
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.11 update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.
This release of Red Hat JBoss Enterprise Application Platform 6.4.11 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.10, and includes bug fixes and enhancements. Documentation for these changes will be available shortly from the Red Hat JBoss Enterprise Application Platform 6.4.11 Release Notes, linked to in the References.
Security Fix(es):
* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.\n\nThis release of Red Hat JBoss Enterprise Application Platform 6.4.11 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.10, and includes bug fixes and enhancements. Documentation for these changes will be available shortly from the Red Hat JBoss Enterprise Application Platform 6.4.11 Release Notes, linked to in the References. \n\nSecurity Fix(es):\n\n* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:2071",
"url": "https://access.redhat.com/errata/RHSA-2016:2071"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/",
"url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=6.4",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=6.4"
},
{
"category": "external",
"summary": "1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2016/rhsa-2016_2071.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.11 update",
"tracking": {
"current_release_date": "2024-09-13T11:33:24+00:00",
"generator": {
"date": "2024-09-13T11:33:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2016:2071",
"initial_release_date": "2016-10-17T18:14:58+00:00",
"revision_history": [
{
"date": "2016-10-17T18:14:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-02-20T12:38:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-13T11:33:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 6.4",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 6.4",
"product_id": "Red Hat JBoss Enterprise Application Platform 6.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6.4"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-3092",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-06-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1349468"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Usage of vulnerable FileUpload package can result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 6.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3092"
},
{
"category": "external",
"summary": "RHBZ#1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3092",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-7.html",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html",
"url": "http://tomcat.apache.org/security-8.html"
}
],
"release_date": "2016-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 6.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2071"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 6.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Usage of vulnerable FileUpload package can result in denial of service"
}
]
}
rhsa-2016_2807
Vulnerability from csaf_redhat
Published
2016-11-17 20:33
Modified
2024-09-15 23:05
Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 2.1.2 security update for Tomcat 7
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Web Server 2 for RHEL 6 and Red Hat JBoss Enterprise Web Server 2 for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
This release of Red Hat JBoss Web Server 2.1.2 serves as a replacement for Red Hat JBoss Web Server 2.1.1. It contains security fixes for the Tomcat 7 component. Only users of the Tomcat 7 component in JBoss Web Server need to apply the fixes delivered in this release.
Security Fix(es):
* A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351)
* It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)
* A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763)
* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)
* A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2015-5346)
* It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Web Server 2 for RHEL 6 and Red Hat JBoss Enterprise Web Server 2 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nThis release of Red Hat JBoss Web Server 2.1.2 serves as a replacement for Red Hat JBoss Web Server 2.1.1. It contains security fixes for the Tomcat 7 component. Only users of the Tomcat 7 component in JBoss Web Server need to apply the fixes delivered in this release.\n\nSecurity Fix(es):\n\n* A CSRF flaw was found in Tomcat\u0027s the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351)\n\n* It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)\n\n* A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763)\n\n* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)\n\n* A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2015-5346)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:2807",
"url": "https://access.redhat.com/errata/RHSA-2016:2807"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1311076",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311076"
},
{
"category": "external",
"summary": "1311082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311082"
},
{
"category": "external",
"summary": "1311085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311085"
},
{
"category": "external",
"summary": "1311087",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311087"
},
{
"category": "external",
"summary": "1311093",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311093"
},
{
"category": "external",
"summary": "1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2016/rhsa-2016_2807.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 2.1.2 security update for Tomcat 7",
"tracking": {
"current_release_date": "2024-09-15T23:05:45+00:00",
"generator": {
"date": "2024-09-15T23:05:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2016:2807",
"initial_release_date": "2016-11-17T20:33:11+00:00",
"revision_history": [
{
"date": "2016-11-17T20:33:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-11-17T21:53:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-15T23:05:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product": {
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-jsp-2.2-api@7.0.54-23_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-log4j@7.0.54-23_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.54-23_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-webapps@7.0.54-23_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-servlet-3.0-api@7.0.54-23_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-admin-webapps@7.0.54-23_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-lib@7.0.54-23_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-el-2.2-api@7.0.54-23_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-javadoc@7.0.54-23_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-docs-webapp@7.0.54-23_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-maven-devel@7.0.54-23_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-javadoc@7.0.54-23_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-log4j@7.0.54-23_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-admin-webapps@7.0.54-23_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-webapps@7.0.54-23_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-el-2.2-api@7.0.54-23_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-lib@7.0.54-23_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-servlet-3.0-api@7.0.54-23_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.54-23_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-maven-devel@7.0.54-23_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-jsp-2.2-api@7.0.54-23_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-docs-webapp@7.0.54-23_patch_05.ep6.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"product": {
"name": "tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"product_id": "tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.54-23_patch_05.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"product": {
"name": "tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"product_id": "tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.54-23_patch_05.ep6.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.54-23_patch_05.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src"
},
"product_reference": "tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.54-23_patch_05.ep6.el7.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src"
},
"product_reference": "tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-5346",
"discovery_date": "2014-06-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311085"
}
],
"notes": [
{
"category": "description",
"text": "A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Session fixation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5346"
},
{
"category": "external",
"summary": "RHBZ#1311085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311085"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5346",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5346"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5346",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5346"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Feb/143",
"url": "http://seclists.org/bugtraq/2016/Feb/143"
}
],
"release_date": "2016-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2807"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Session fixation"
},
{
"cve": "CVE-2015-5351",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2016-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311076"
}
],
"notes": [
{
"category": "description",
"text": "A CSRF flaw was found in Tomcat\u0027s the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: CSRF token leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5351"
},
{
"category": "external",
"summary": "RHBZ#1311076",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311076"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5351",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5351"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5351",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5351"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Feb/148",
"url": "http://seclists.org/bugtraq/2016/Feb/148"
}
],
"release_date": "2016-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2807"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: CSRF token leak"
},
{
"cve": "CVE-2016-0706",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2016-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311087"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: security manager bypass via StatusManagerServlet",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0706"
},
{
"category": "external",
"summary": "RHBZ#1311087",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311087"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0706",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0706"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0706",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0706"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Feb/144",
"url": "http://seclists.org/bugtraq/2016/Feb/144"
}
],
"release_date": "2016-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2807"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: security manager bypass via StatusManagerServlet"
},
{
"cve": "CVE-2016-0714",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"discovery_date": "2016-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311082"
}
],
"notes": [
{
"category": "description",
"text": "It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Security Manager bypass via persistence mechanisms",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0714"
},
{
"category": "external",
"summary": "RHBZ#1311082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311082"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0714",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0714"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Feb/145",
"url": "http://seclists.org/bugtraq/2016/Feb/145"
}
],
"release_date": "2016-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2807"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Security Manager bypass via persistence mechanisms"
},
{
"cve": "CVE-2016-0763",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2016-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311093"
}
],
"notes": [
{
"category": "description",
"text": "A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: security manager bypass via setGlobalContext()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0763"
},
{
"category": "external",
"summary": "RHBZ#1311093",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311093"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0763",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0763"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0763",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0763"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Feb/147",
"url": "http://seclists.org/bugtraq/2016/Feb/147"
}
],
"release_date": "2016-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2807"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: security manager bypass via setGlobalContext()"
},
{
"cve": "CVE-2016-3092",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-06-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1349468"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Usage of vulnerable FileUpload package can result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3092"
},
{
"category": "external",
"summary": "RHBZ#1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3092",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-7.html",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html",
"url": "http://tomcat.apache.org/security-8.html"
}
],
"release_date": "2016-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2807"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Usage of vulnerable FileUpload package can result in denial of service"
}
]
}
rhsa-2016_2069
Vulnerability from csaf_redhat
Published
2016-10-17 18:36
Modified
2024-09-13 11:33
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.11 update on RHEL 7
Notes
Topic
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.11, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.
This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.10. It includes bug fixes and enhancements. Documentation for these changes will be available shortly from the Red Hat JBoss Enterprise Application Platform 6.4.11 Release Notes, linked to in the References.
All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 7 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.
Security Fix(es):
* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.11, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. \n\nThis release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.10. It includes bug fixes and enhancements. Documentation for these changes will be available shortly from the Red Hat JBoss Enterprise Application Platform 6.4.11 Release Notes, linked to in the References. \n\nAll users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 7 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.\n\nSecurity Fix(es):\n\n* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:2069",
"url": "https://access.redhat.com/errata/RHSA-2016:2069"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html",
"url": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html"
},
{
"category": "external",
"summary": "1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "external",
"summary": "1375627",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375627"
},
{
"category": "external",
"summary": "1376067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376067"
},
{
"category": "external",
"summary": "1376187",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376187"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2016/rhsa-2016_2069.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.11 update on RHEL 7",
"tracking": {
"current_release_date": "2024-09-13T11:33:28+00:00",
"generator": {
"date": "2024-09-13T11:33:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2016:2069",
"initial_release_date": "2016-10-17T18:36:30+00:00",
"revision_history": [
{
"date": "2016-10-17T18:36:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-10-17T18:36:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-13T11:33:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remote-naming@1.0.13-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.17.35-1.Final_redhat_1.1.ep6.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el7.noarch",
"product_id": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hornetq@2.3.25-16.SP14_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.noarch",
"product_id": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/picketlink-federation@2.5.4-13.SP11_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.noarch",
"product_id": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/picketlink-bindings@2.5.4-13.SP11_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@7.5.19-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el7.noarch",
"product_id": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-cxf@2.7.18-4.SP3_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-javadocs@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-osgi-service@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jpa@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-weld@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-protocol@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-host-controller@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-configadmin@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-ejb3@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jacorb@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-embedded@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-ee-deployment@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-domain-http@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-controller-client@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-sar@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-web@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-process-controller@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-messaging@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-domain-management@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-naming@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-webservices@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-transactions@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jsr77@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-threads@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jsf@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-deployment-scanner@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-core-security@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-pojo@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-clustering@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jaxr@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-version@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-modcluster@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-server@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jaxrs@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-platform-mbean@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-management-client-content@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-cli@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-remoting@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-cmp@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-osgi-configadmin@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-osgi@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-deployment-repository@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-client-all@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-ee@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-logging@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-network@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-security@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-connector@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-system-jmx@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-picketlink@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-xts@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-appclient@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-mail@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jdr@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-welcome-content-eap@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-bundles@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-domain@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-core@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-standalone@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-product-eap@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-appclient@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-controller@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jmx@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-modules-eap@7.5.11-2.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remote-naming@1.0.13-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.17.35-1.Final_redhat_1.1.ep6.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el7.src",
"product": {
"name": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el7.src",
"product_id": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hornetq@2.3.25-16.SP14_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.src",
"product": {
"name": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.src",
"product_id": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/picketlink-federation@2.5.4-13.SP11_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.src",
"product": {
"name": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.src",
"product_id": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/picketlink-bindings@2.5.4-13.SP11_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@7.5.19-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el7.src",
"product": {
"name": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el7.src",
"product_id": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-cxf@2.7.18-4.SP3_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-javadocs@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-osgi-service@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jpa@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-weld@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-protocol@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-host-controller@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-configadmin@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-ejb3@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jacorb@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-embedded@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-ee-deployment@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-domain-http@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-controller-client@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-sar@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-web@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-process-controller@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-messaging@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-domain-management@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-naming@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-webservices@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-transactions@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jsr77@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-threads@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jsf@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-deployment-scanner@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-core-security@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-pojo@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-clustering@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jaxr@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-version@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-modcluster@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-server@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jaxrs@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-platform-mbean@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-management-client-content@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-cli@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-remoting@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-cmp@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-osgi-configadmin@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-osgi@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-deployment-repository@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-client-all@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-ee@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-logging@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-network@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-security@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-connector@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-system-jmx@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-picketlink@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-xts@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-appclient@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-mail@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jdr@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-welcome-content-eap@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-bundles@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-domain@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-core@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-standalone@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-product-eap@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-appclient@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-controller@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jmx@7.5.11-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el7.src",
"product_id": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-modules-eap@7.5.11-2.Final_redhat_1.1.ep6.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el7.src"
},
"product_reference": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el7.src"
},
"product_reference": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.src"
},
"product_reference": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.src"
},
"product_reference": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEAP-6.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-3092",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-06-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1349468"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Usage of vulnerable FileUpload package can result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3092"
},
{
"category": "external",
"summary": "RHBZ#1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3092",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-7.html",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html",
"url": "http://tomcat.apache.org/security-8.html"
}
],
"release_date": "2016-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2069"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.src",
"7Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.noarch",
"7Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Usage of vulnerable FileUpload package can result in denial of service"
}
]
}
rhsa-2016_2068
Vulnerability from csaf_redhat
Published
2016-10-17 18:45
Modified
2024-09-13 11:33
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.11 update on RHEL 6
Notes
Topic
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.11, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.
This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.10. It includes bug fixes and enhancements. Documentation for these changes will be available shortly from the Red Hat JBoss Enterprise Application Platform 6.4.11 Release Notes, linked to in the References.
All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.
Security Fix(es):
* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.11, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. \n\nThis release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.10. It includes bug fixes and enhancements. Documentation for these changes will be available shortly from the Red Hat JBoss Enterprise Application Platform 6.4.11 Release Notes, linked to in the References. \n\nAll users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.\n\nSecurity Fix(es):\n\n* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:2068",
"url": "https://access.redhat.com/errata/RHSA-2016:2068"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html",
"url": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html"
},
{
"category": "external",
"summary": "1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "external",
"summary": "1375625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375625"
},
{
"category": "external",
"summary": "1376065",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376065"
},
{
"category": "external",
"summary": "1376185",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376185"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2016/rhsa-2016_2068.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.11 update on RHEL 6",
"tracking": {
"current_release_date": "2024-09-13T11:33:18+00:00",
"generator": {
"date": "2024-09-13T11:33:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2016:2068",
"initial_release_date": "2016-10-17T18:45:13+00:00",
"revision_history": [
{
"date": "2016-10-17T18:45:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-10-17T18:45:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-13T11:33:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remote-naming@1.0.13-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.17.35-1.Final_redhat_1.1.ep6.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el6.noarch",
"product_id": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hornetq@2.3.25-16.SP14_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.noarch",
"product_id": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/picketlink-federation@2.5.4-13.SP11_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.noarch",
"product_id": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/picketlink-bindings@2.5.4-13.SP11_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@7.5.19-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el6.noarch",
"product_id": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-cxf@2.7.18-4.SP3_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-javadocs@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-product-eap@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-domain@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-appclient@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-core@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-standalone@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-bundles@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-welcome-content-eap@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jacorb@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-deployment-scanner@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-naming@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-logging@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-security@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-ejb3@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-controller-client@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-platform-mbean@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-embedded@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-ee@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-osgi-service@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jaxrs@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-network@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-domain-http@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jaxr@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-remoting@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jsr77@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-cli@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-deployment-repository@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-client-all@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-modcluster@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-core-security@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-picketlink@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-host-controller@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-management-client-content@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-ee-deployment@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-domain-management@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-system-jmx@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-controller@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-clustering@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-mail@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-osgi-configadmin@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jdr@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-configadmin@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-sar@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-process-controller@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-cmp@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-connector@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-osgi@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-protocol@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-pojo@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jpa@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-messaging@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jmx@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-appclient@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jsf@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-server@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-threads@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-web@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-version@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-webservices@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-xts@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-weld@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-transactions@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-modules-eap@7.5.11-2.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remote-naming@1.0.13-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.17.35-1.Final_redhat_1.1.ep6.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el6.src",
"product": {
"name": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el6.src",
"product_id": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hornetq@2.3.25-16.SP14_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.src",
"product": {
"name": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.src",
"product_id": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/picketlink-federation@2.5.4-13.SP11_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.src",
"product": {
"name": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.src",
"product_id": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/picketlink-bindings@2.5.4-13.SP11_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@7.5.19-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el6.src",
"product": {
"name": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el6.src",
"product_id": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-cxf@2.7.18-4.SP3_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-javadocs@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-product-eap@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-domain@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-appclient@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-core@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-standalone@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-bundles@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-welcome-content-eap@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jacorb@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-deployment-scanner@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-naming@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-logging@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-security@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-ejb3@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-controller-client@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-platform-mbean@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-embedded@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-ee@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-osgi-service@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jaxrs@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-network@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-domain-http@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jaxr@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-remoting@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jsr77@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-cli@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-deployment-repository@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-client-all@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-modcluster@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-core-security@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-picketlink@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-host-controller@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-management-client-content@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-ee-deployment@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-domain-management@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-system-jmx@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-controller@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-clustering@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-mail@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-osgi-configadmin@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jdr@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-configadmin@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-sar@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-process-controller@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-cmp@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-connector@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-osgi@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-protocol@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-pojo@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jpa@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-messaging@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jmx@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-appclient@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jsf@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-server@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-threads@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-web@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-version@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-webservices@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-xts@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-weld@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-transactions@7.5.11-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el6.src",
"product_id": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-modules-eap@7.5.11-2.Final_redhat_1.1.ep6.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el6.src"
},
"product_reference": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el6.src"
},
"product_reference": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.src"
},
"product_reference": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.src"
},
"product_reference": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-3092",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-06-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1349468"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Usage of vulnerable FileUpload package can result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3092"
},
{
"category": "external",
"summary": "RHBZ#1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3092",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-7.html",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html",
"url": "http://tomcat.apache.org/security-8.html"
}
],
"release_date": "2016-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2068"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.src",
"6Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.noarch",
"6Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el6.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Usage of vulnerable FileUpload package can result in denial of service"
}
]
}
rhsa-2017_0457
Vulnerability from csaf_redhat
Published
2017-03-07 19:05
Modified
2024-09-16 00:12
Summary
Red Hat Security Advisory: Red Hat JBoss Web Server security and enhancement update
Notes
Topic
An update is now available for Red Hat JBoss Web Server.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements.
Security Fix(es):
* It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation. (CVE-2016-1240)
* It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)
* The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance. (CVE-2016-8735)
* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)
* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)
* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)
* The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)
* It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)
* It was discovered that when a SecurityManager is configured Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)
* It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)
* It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)
The CVE-2016-6325 issue was discovered by Red Hat Product Security.
Enhancement(s):
* This enhancement update adds the Red Hat JBoss Web Server 3.1.0. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server.
Users of Red Hat JBoss Web Server are advised to upgrade to these updated packages, which add this enhancement.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Web Server.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements.\n\nSecurity Fix(es):\n\n* It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation. (CVE-2016-1240)\n\n* It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)\n\n* The JmxRemoteLifecycleListener was not updated to take account of Oracle\u0027s fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance. (CVE-2016-8735)\n\n* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\n\n* The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)\n\n* It was discovered that when a SecurityManager is configured Tomcat\u0027s system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)\n\n* It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)\n\nThe CVE-2016-6325 issue was discovered by Red Hat Product Security.\n\nEnhancement(s):\n\n* This enhancement update adds the Red Hat JBoss Web Server 3.1.0. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server.\n\nUsers of Red Hat JBoss Web Server are advised to upgrade to these updated packages, which add this enhancement.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:0457",
"url": "https://access.redhat.com/errata/RHSA-2017:0457"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=webserver\u0026version=3.1.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=webserver\u0026version=3.1.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Web_Server/3/html-single/3.1_Release_Notes/index.html",
"url": "https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Web_Server/3/html-single/3.1_Release_Notes/index.html"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/httpoxy",
"url": "https://access.redhat.com/security/vulnerabilities/httpoxy"
},
{
"category": "external",
"summary": "https://access.redhat.com/solutions/2435491",
"url": "https://access.redhat.com/solutions/2435491"
},
{
"category": "external",
"summary": "1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "external",
"summary": "1367447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1367447"
},
{
"category": "external",
"summary": "1376712",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376712"
},
{
"category": "external",
"summary": "1390493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390493"
},
{
"category": "external",
"summary": "1390515",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390515"
},
{
"category": "external",
"summary": "1390520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390520"
},
{
"category": "external",
"summary": "1390525",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390525"
},
{
"category": "external",
"summary": "1390526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390526"
},
{
"category": "external",
"summary": "1397484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397484"
},
{
"category": "external",
"summary": "1397485",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397485"
},
{
"category": "external",
"summary": "1403824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1403824"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2017/rhsa-2017_0457.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server security and enhancement update",
"tracking": {
"current_release_date": "2024-09-16T00:12:42+00:00",
"generator": {
"date": "2024-09-16T00:12:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2017:0457",
"initial_release_date": "2017-03-07T19:05:59+00:00",
"revision_history": [
{
"date": "2017-03-07T19:05:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-03-07T19:05:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T00:12:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 3.1",
"product": {
"name": "Red Hat JBoss Web Server 3.1",
"product_id": "Red Hat JBoss Web Server 3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-0762",
"discovery_date": "2016-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1390526"
}
],
"notes": [
{
"category": "description",
"text": "The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: timing attack in Realm implementation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 3.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0762"
},
{
"category": "external",
"summary": "RHBZ#1390526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390526"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0762"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0762",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0762"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
}
],
"release_date": "2016-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 3.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0457"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 3.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: timing attack in Realm implementation"
},
{
"cve": "CVE-2016-1240",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2016-09-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1376712"
}
],
"notes": [
{
"category": "description",
"text": "It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 3.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1240"
},
{
"category": "external",
"summary": "RHBZ#1376712",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376712"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1240",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1240"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1240",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1240"
},
{
"category": "external",
"summary": "http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240.txt",
"url": "http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240.txt"
}
],
"release_date": "2016-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 3.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0457"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 3.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation"
},
{
"cve": "CVE-2016-3092",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-06-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1349468"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Usage of vulnerable FileUpload package can result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 3.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3092"
},
{
"category": "external",
"summary": "RHBZ#1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3092",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-7.html",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html",
"url": "http://tomcat.apache.org/security-8.html"
}
],
"release_date": "2016-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 3.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0457"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 3.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Usage of vulnerable FileUpload package can result in denial of service"
},
{
"cve": "CVE-2016-5018",
"discovery_date": "2016-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1390525"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: security manager bypass via IntrospectHelper utility function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 3.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5018"
},
{
"category": "external",
"summary": "RHBZ#1390525",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390525"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5018",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5018"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
}
],
"release_date": "2016-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 3.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0457"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 3.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: security manager bypass via IntrospectHelper utility function"
},
{
"acknowledgments": [
{
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2016-6325",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2016-08-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1367447"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: tomcat writable config files allow privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 3.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6325"
},
{
"category": "external",
"summary": "RHBZ#1367447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1367447"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6325",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6325"
}
],
"release_date": "2016-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 3.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0457"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 3.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: tomcat writable config files allow privilege escalation"
},
{
"cve": "CVE-2016-6794",
"discovery_date": "2016-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1390520"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that when a SecurityManager was configured, Tomcat\u0027s system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: system property disclosure",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 3.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6794"
},
{
"category": "external",
"summary": "RHBZ#1390520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390520"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6794",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6794"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6794",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6794"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
}
],
"release_date": "2016-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 3.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0457"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 3.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: system property disclosure"
},
{
"cve": "CVE-2016-6796",
"discovery_date": "2016-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1390515"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: security manager bypass via JSP Servlet config parameters",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 3.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6796"
},
{
"category": "external",
"summary": "RHBZ#1390515",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390515"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6796",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6796"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
}
],
"release_date": "2016-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 3.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0457"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 3.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: security manager bypass via JSP Servlet config parameters"
},
{
"cve": "CVE-2016-6797",
"discovery_date": "2016-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1390493"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: unrestricted access to global resources",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 3.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6797"
},
{
"category": "external",
"summary": "RHBZ#1390493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390493"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6797",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6797"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6797",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6797"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
}
],
"release_date": "2016-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 3.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0457"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 3.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: unrestricted access to global resources"
},
{
"cve": "CVE-2016-6816",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2016-11-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1397484"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Applying the fix provided to mitigate this issue may cause Tomcat to return 400 status after updating. For more information, refer to https://access.redhat.com/solutions/2891171",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 3.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6816"
},
{
"category": "external",
"summary": "RHBZ#1397484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397484"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6816",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6816"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/2991951",
"url": "https://access.redhat.com/articles/2991951"
},
{
"category": "external",
"summary": "https://access.redhat.com/solutions/2891171",
"url": "https://access.redhat.com/solutions/2891171"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8"
}
],
"release_date": "2016-11-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 3.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0457"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 3.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests"
},
{
"cve": "CVE-2016-8735",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2016-11-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1397485"
}
],
"notes": [
{
"category": "description",
"text": "The JmxRemoteLifecycleListener was not updated to take account of Oracle\u0027s fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 3.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8735"
},
{
"category": "external",
"summary": "RHBZ#1397485",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397485"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8735"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2016-11-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 3.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0457"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 3.1"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-05-12T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener"
},
{
"cve": "CVE-2016-8745",
"discovery_date": "2016-12-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1403824"
}
],
"notes": [
{
"category": "description",
"text": "A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: information disclosure due to incorrect Processor sharing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 3.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8745"
},
{
"category": "external",
"summary": "RHBZ#1403824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1403824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8745",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8745"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8745",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8745"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.49",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.49"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.74",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.74"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.40",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.40"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.9",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.9"
}
],
"release_date": "2016-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 3.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0457"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 3.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: information disclosure due to incorrect Processor sharing"
}
]
}
cve-2016-3092
Vulnerability from jvndb
Published
2016-06-30 13:53
Modified
2018-01-29 10:30
Severity
Summary
Apache Commons FileUpload vulnerable to denial-of-service (DoS)
Details
Apache Commons FileUpload provided by the Apache Software Foundation contains a flaw when processing multi-part requests, which may lead to a denial-of-service (DoS).
TERASOLUNA FW(Struts1) Team of NTT DATA Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN89379547/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092 |
| NVD | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3092 |
| Improper Input Validation(CWE-20) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000121.html",
"dc:date": "2018-01-29T10:30+09:00",
"dcterms:issued": "2016-06-30T13:53+09:00",
"dcterms:modified": "2018-01-29T10:30+09:00",
"description": "Apache Commons FileUpload provided by the Apache Software Foundation contains a flaw when processing multi-part requests, which may lead to a denial-of-service (DoS).\r\n\r\nTERASOLUNA FW(Struts1) Team of NTT DATA Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000121.html",
"sec:cpe": [
{
"#text": "cpe:/a:apache:commons_fileupload",
"@product": "Commons FileUpload",
"@vendor": "Apache Software Foundation",
"@version": "2.2"
},
{
"#text": "cpe:/a:apache:struts",
"@product": "Apache Struts",
"@vendor": "Apache Software Foundation",
"@version": "2.2"
},
{
"#text": "cpe:/a:apache:tomcat",
"@product": "Apache Tomcat",
"@vendor": "Apache Software Foundation",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
{
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000121",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN89379547/index.html",
"@id": "JVN#89379547",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092",
"@id": "CVE-2016-3092",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3092",
"@id": "CVE-2016-3092",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Apache Commons FileUpload vulnerable to denial-of-service (DoS)"
}
var-201607-0321
Vulnerability from variot
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string. Apache Commons FileUpload is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause the application to become unresponsive; resulting in a denial-of-service condition. Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
Security Fix(es):
-
It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation. (CVE-2016-1240)
-
It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. (CVE-2016-6325)
-
The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance. (CVE-2016-3092)
-
It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)
-
A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)
-
The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-5018)
-
It was discovered that when a SecurityManager is configured Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)
-
It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server. (JIRA#JWS-267)
Users of Red Hat JBoss Web Server are advised to upgrade to these updated packages, which add this enhancement. Solution:
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). JIRA issues fixed (https://issues.jboss.org/):
JWS-267 - RHEL 6 Errata JIRA
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324759
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05324759 Version: 3
HPSBUX03665 rev.3 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS), URL Redirection
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-12-01 Last Updated: 2016-11-30
Potential Security Impact: Remote: Denial of Service (DoS), URL Redirection
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in the HP-UX Tomcat-based Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or URL Redirection.
References:
- CVE-2016-3092 - Apache Tomcat, Remote Denial of Service (DoS)
- CVE-2016-5388 - Apache Tomcat, Remote URL Redirection
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HP-UX Tomcat-based Servlet v.7.x Engine B.11.31 - Tomcat 7 prior to D.7.0.70.01
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2016-3092
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVE-2016-5388
8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has provided the following software update to resolve the vulnerabilities in HP-UX Apache Tomcat 7 Servlet Engine:
-
Tomcat 7.0.70.01 for HP-UX Release B.11.31 (IPF and PA-RISC)
- 64 bit Depot: HP_UX_11.31_HPUXWS24ATW-B501-11-31-64.depot
- 32 bit Depot: HP_UX_11.31_HPUXWS24ATW-B501-11-31-32.depot
-
Note: The depot file can be found here:
+ https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb r=HPUXWSATW501
-
Tomcat 7.0.70.01 for Apache 2.2:
-
Install the depot via the link provided and then follow these steps to enable Tomcat 7.0.70.01 for Apache 2.2:
1.Run aswremovea to remove the previously installed Tomcat (if any)
2.rm arf /opt/hpws22/tomcat
3.Create the link using ln -s /opt/hpws24/tomcat /opt/hpws22/tomcat
-
MANUAL ACTIONS: Yes - Update
Download and install the software update
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HPE and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see:
* https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb r=B6834AA
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.31 IA/PA
===================
hpuxws22TOMCAT.TOMCAT
hpuxws22TOMCAT.TOMCAT2
action: install revision D.7.0.70.01 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 4 November 2016 Initial release
Version:2 (rev.2) - 8 November 2016 Removed extraneous text from background section
Version:3 (rev.3) - 1 December 2016 Details added to enable Tomcat 7.0.70.01 for Apache 2.2, removed PSRT numbers, simplified title
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. It includes bug fixes and enhancements. The JBoss server process must be restarted for the update to take effect. (CVE-2016-3092)
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: tomcat security, bug fix, and enhancement update Advisory ID: RHSA-2016:2599-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2599.html Issue date: 2016-11-03 CVE Names: CVE-2015-5174 CVE-2015-5345 CVE-2015-5351 CVE-2016-0706 CVE-2016-0714 CVE-2016-0763 CVE-2016-3092 =====================================================================
- Summary:
An update for tomcat is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch Red Hat Enterprise Linux Client Optional (v. 7) - noarch Red Hat Enterprise Linux ComputeNode (v. 7) - noarch Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Enterprise Linux Server Optional (v. 7) - noarch Red Hat Enterprise Linux Workstation (v. 7) - noarch Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch
- Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
The following packages have been upgraded to a newer upstream version: tomcat (7.0.69). (BZ#1287928)
Security Fix(es):
-
A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351)
-
It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)
-
A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763)
-
A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)
-
A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call. (CVE-2015-5174)
-
It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345)
-
It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706)
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1133070 - Need to include full implementation of tomcat-juli.jar and tomcat-juli-adapters.jar 1201409 - Fix the broken tomcat-jsvc service unit 1208402 - Mark web.xml in tomcat-admin-webapps as config file 1221896 - tomcat.service loads /etc/sysconfig/tomcat without shell expansion 1229476 - Tomcat startup ONLY options 1240279 - The command tomcat-digest doesn't work with RHEL 7 1265698 - CVE-2015-5174 tomcat: URL Normalization issue 1277197 - tomcat user has non-existing default shell set 1287928 - Rebase tomcat to 7.0.69 or backport features 1311076 - CVE-2015-5351 tomcat: CSRF token leak 1311082 - CVE-2016-0714 tomcat: Security Manager bypass via persistence mechanisms 1311087 - CVE-2016-0706 tomcat: security manager bypass via StatusManagerServlet 1311089 - CVE-2015-5345 tomcat: directory disclosure 1311093 - CVE-2016-0763 tomcat: security manager bypass via setGlobalContext() 1311622 - Getting NoSuchElementException while handling attributes with empty string value in tomcat 7.0.54 1320853 - Add HSTS support 1327326 - rpm -V tomcat fails on /var/log/tomcat/catalina.out 1347774 - The security manager doesn't work correctly (JSPs cannot be compiled) 1347860 - The systemd service unit does not allow tomcat to shut down gracefully 1349468 - CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: tomcat-7.0.69-10.el7.src.rpm
noarch: tomcat-servlet-3.0-api-7.0.69-10.el7.noarch.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch: tomcat-7.0.69-10.el7.noarch.rpm tomcat-admin-webapps-7.0.69-10.el7.noarch.rpm tomcat-docs-webapp-7.0.69-10.el7.noarch.rpm tomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm tomcat-javadoc-7.0.69-10.el7.noarch.rpm tomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm tomcat-jsvc-7.0.69-10.el7.noarch.rpm tomcat-lib-7.0.69-10.el7.noarch.rpm tomcat-webapps-7.0.69-10.el7.noarch.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: tomcat-7.0.69-10.el7.src.rpm
noarch: tomcat-servlet-3.0-api-7.0.69-10.el7.noarch.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: tomcat-7.0.69-10.el7.noarch.rpm tomcat-admin-webapps-7.0.69-10.el7.noarch.rpm tomcat-docs-webapp-7.0.69-10.el7.noarch.rpm tomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm tomcat-javadoc-7.0.69-10.el7.noarch.rpm tomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm tomcat-jsvc-7.0.69-10.el7.noarch.rpm tomcat-lib-7.0.69-10.el7.noarch.rpm tomcat-webapps-7.0.69-10.el7.noarch.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: tomcat-7.0.69-10.el7.src.rpm
noarch: tomcat-7.0.69-10.el7.noarch.rpm tomcat-admin-webapps-7.0.69-10.el7.noarch.rpm tomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm tomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm tomcat-lib-7.0.69-10.el7.noarch.rpm tomcat-servlet-3.0-api-7.0.69-10.el7.noarch.rpm tomcat-webapps-7.0.69-10.el7.noarch.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch: tomcat-7.0.69-10.el7.noarch.rpm tomcat-admin-webapps-7.0.69-10.el7.noarch.rpm tomcat-docs-webapp-7.0.69-10.el7.noarch.rpm tomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm tomcat-javadoc-7.0.69-10.el7.noarch.rpm tomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm tomcat-jsvc-7.0.69-10.el7.noarch.rpm tomcat-lib-7.0.69-10.el7.noarch.rpm tomcat-webapps-7.0.69-10.el7.noarch.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: tomcat-7.0.69-10.el7.src.rpm
noarch: tomcat-7.0.69-10.el7.noarch.rpm tomcat-admin-webapps-7.0.69-10.el7.noarch.rpm tomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm tomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm tomcat-lib-7.0.69-10.el7.noarch.rpm tomcat-servlet-3.0-api-7.0.69-10.el7.noarch.rpm tomcat-webapps-7.0.69-10.el7.noarch.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch: tomcat-docs-webapp-7.0.69-10.el7.noarch.rpm tomcat-javadoc-7.0.69-10.el7.noarch.rpm tomcat-jsvc-7.0.69-10.el7.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-5174 https://access.redhat.com/security/cve/CVE-2015-5345 https://access.redhat.com/security/cve/CVE-2015-5351 https://access.redhat.com/security/cve/CVE-2016-0706 https://access.redhat.com/security/cve/CVE-2016-0714 https://access.redhat.com/security/cve/CVE-2016-0763 https://access.redhat.com/security/cve/CVE-2016-3092 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFYGv0mXlSAg2UNWIIRAq74AJ9mIwnepxw2jbrHnfK3Gkc+N7uMIACfXM+E 5lVH/+qu5TZIB819MY4FTO0= =u+za -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . It contains security fixes for the Tomcat 7 component. Only users of the Tomcat 7 component in JBoss Web Server need to apply the fixes delivered in this release. (CVE-2016-3092)
-
A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2016-0706)
The References section of this erratum contains a download link (you must log in to download the update). References:
https://access.redhat.com/security/cve/CVE-2015-5346 https://access.redhat.com/security/cve/CVE-2015-5351 https://access.redhat.com/security/cve/CVE-2016-0706 https://access.redhat.com/security/cve/CVE-2016-0714 https://access.redhat.com/security/cve/CVE-2016-0763 https://access.redhat.com/security/cve/CVE-2016-3092 Security Impact: https://access.redhat.com/security/updates/classification/#important Download: https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver&downloadType=distributions&version=2.1.2
- ========================================================================== Ubuntu Security Notice USN-3024-1 July 05, 2016
tomcat6, tomcat7 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Tomcat. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5174)
It was discovered that the Tomcat mapper component incorrectly handled redirects. A remote attacker could use this issue to determine the existence of a directory. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. A remote attacker could possibly use this issue to hijack web sessions. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. A remote attacker could possibly use this issue to bypass CSRF protection mechanisms. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5351)
It was discovered that Tomcat did not place StatusManagerServlet on the RestrictedServlets list. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0706)
It was discovered that the Tomcat session-persistence implementation incorrectly handled session attributes. A remote attacker could possibly use this issue to execute arbitrary code in a privileged context. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0714)
It was discovered that the Tomcat setGlobalContext method incorrectly checked if callers were authorized. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0763)
It was discovered that the Tomcat Fileupload library incorrectly handled certain upload requests. (CVE-2016-3092)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: libtomcat7-java 7.0.68-1ubuntu0.1
Ubuntu 15.10: libtomcat7-java 7.0.64-1ubuntu0.3
Ubuntu 14.04 LTS: libtomcat7-java 7.0.52-1ubuntu0.6
Ubuntu 12.04 LTS: libtomcat6-java 6.0.35-1ubuntu3.7
In general, a standard system update will make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0321",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.14"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.69"
},
{
"model": "icewall identity manager",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "5.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.11"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.67"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.27"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.23"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.5"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.25"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.10"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.5.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.3"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.40"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.35"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.30"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.39"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.22"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.35"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.12"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.16"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.1"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.47"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.1"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.8"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.42"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.33"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.54"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.50"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.55"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.21"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.26"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.28"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.4"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.68"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.15"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.34"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.57"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.19"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.53"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.32"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.65"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.5.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.17"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.20"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.8"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.33"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.5"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.59"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.30"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.6"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.27"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.29"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.32"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.41"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.37"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.24"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.61"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.62"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.20"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.52"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.18"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.21"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "15.10"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.56"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.11"
},
{
"model": "icewall sso agent option",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "10.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.28"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.12"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.22"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.23"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.26"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.14"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.63"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.29"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.64"
},
{
"model": "commons fileupload",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.1"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.10"
},
{
"model": "jg748aae hp imc ent sw plat w/ nodes e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "500"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.17"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.12"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.3.0"
},
{
"model": "interact",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.3"
},
{
"model": "marketing operations",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2.1"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.2.0"
},
{
"model": "jg550aae hp pmm to imc bsc wlm upgr w/150ap e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.6"
},
{
"model": "interact",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.36"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.9"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.029"
},
{
"model": "commons fileupload",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.7"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.10"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.0.1"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0.4"
},
{
"model": "knowledge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.6.0"
},
{
"model": "websphere application server liberty profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.5"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.5"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.0"
},
{
"model": "tivoli monitoring fp4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"model": "control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.1"
},
{
"model": "case manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1.5"
},
{
"model": "algo one algo risk application",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.45"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0"
},
{
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.2"
},
{
"model": "utilities work and asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.9.1.2.11"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.0"
},
{
"model": "tivoli monitoring fp6",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.1.0"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.2.4"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.34"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.9"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "jd814a hp a-imc enterprise edition software dvd media",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "commons fileupload",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.2.2"
},
{
"model": "mysql enterprise backup",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.10.1"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.48"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "infosphere metadata asset manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.2"
},
{
"model": "forms server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.11"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.11"
},
{
"model": "marketing operations",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.6.8003"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.10"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.0.2"
},
{
"model": "interact",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "marketing operations",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"model": "jf378aae hp imc ent s/w pltfrm w/200-node e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.31"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.1.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.27"
},
{
"model": "tomcat 9.0.0.m1",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "knowledge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.1.7"
},
{
"model": "spectrum control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.8"
},
{
"model": "jd808a hp imc ent platform w/100-node license",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.0"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.0.0"
},
{
"model": "rational directory server ifix9",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1"
},
{
"model": "jd816a hp a-imc standard edition software dvd media",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.5"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.10"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.43"
},
{
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "control center 6.1.0.0ifix02",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.3"
},
{
"model": "algo one algo risk application",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.9.1"
},
{
"model": "websphere lombardi edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2.3"
},
{
"model": "jg768aae hp pcm+ to imc std upg w/ 200-node e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.7"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.1.0"
},
{
"model": "forms server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.0.0.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.23"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.15"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.7"
},
{
"model": "jg660aae hp imc smart connect w/wlm vae e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.44"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.15"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2.2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.31"
},
{
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.01"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0"
},
{
"model": "b2b advanced communications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.14"
},
{
"model": "jd815a hp imc std platform w/100-node license",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "support assistant team server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.2.3"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.24"
},
{
"model": "sterling secure proxy ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.2.04"
},
{
"model": "websphere dashboard framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1"
},
{
"model": "bigfix remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2"
},
{
"model": "infosphere information server blueprint director",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.12"
},
{
"model": "sterling secure proxy ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.2.06"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.3.0"
},
{
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"model": "websphere application server liberty profil",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "control center ifix08",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.2.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.9"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.13"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.11"
},
{
"model": "commons-fileupload library",
"scope": "eq",
"trust": 0.3,
"vendor": "jenkins ci",
"version": "0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.8"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.8"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.8"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1.0.0"
},
{
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.7"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.6"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.6.1.0"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.6"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.4"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.8"
},
{
"model": "control center ifix01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.0"
},
{
"model": "algo credit administrator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.9"
},
{
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "infosphere information server business glossary",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.2"
},
{
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"model": "case manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.3"
},
{
"model": "websphere lombardi edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "bigfix remote control",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.0"
},
{
"model": "tomcat 8.0.0-rc3",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 8.0.0-rc6",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.7"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.1"
},
{
"model": "sterling secure proxy ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.2.07"
},
{
"model": "interact",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "multi-enterprise integration gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.1.0"
},
{
"model": "infosphere qualitystage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"model": "jf289aae hp enterprise management system to intelligent manageme",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.11"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.9"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.49"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1"
},
{
"model": "i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3"
},
{
"model": "jf378a hp imc ent s/w platform w/200-node lic",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "case manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.0.0"
},
{
"model": "tivoli monitoring fp5",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.9"
},
{
"model": "tivoli monitoring fp9",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.0"
},
{
"model": "infosphere metadata asset manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.19"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.25"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.2.0"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.6.0.1"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.0"
},
{
"model": "mysql enterprise backup",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.10"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.7.1"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0"
},
{
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "knowledge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.6.1"
},
{
"model": "control center ifix05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.2.1"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.0"
},
{
"model": "infosphere information server blueprint director",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "jg546aae hp imc basic sw platform w/50-node e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.6"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.5.7958"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.5"
},
{
"model": "marketing operations",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.70"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2"
},
{
"model": "case manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.0.4"
},
{
"model": "case manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.41"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.38"
},
{
"model": "marketing operations",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.0"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.2.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.4"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.22"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"model": "spectrum control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.10"
},
{
"model": "tivoli storage manager for virtual environments",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2.1"
},
{
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.2"
},
{
"model": "atlas ediscovery process management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.3.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.2"
},
{
"model": "algo one algo risk application",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "control center ifix05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.1"
},
{
"model": "communications service broker engineered system edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.3"
},
{
"model": "sterling secure proxy ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.2.08"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.4"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.4"
},
{
"model": "tomcat rc5",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.1182"
},
{
"model": "jd125a hp imc std s/w platform w/100-node",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "infosphere information server business glossary",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "algo credit manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.0"
},
{
"model": "tomcat 9.0.0m8",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "multi-enterprise integration gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.1"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.4.7895"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.8"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "marketing operations",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.2"
},
{
"model": "marketing operations",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.02"
},
{
"model": "control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.0"
},
{
"model": "algo one",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.0"
},
{
"model": "jg549aae hp pcm+ to imc std upgr w/200-node e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "enterprise content management system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.6"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.32"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0.1.0"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.9"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "infosphere qualitystage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.3"
},
{
"model": "mysql enterprise backup",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.12.2"
},
{
"model": "tivoli monitoring fp7",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.3.2.1162"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.1"
},
{
"model": "commons fileupload",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.2.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.16"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.39"
},
{
"model": "enterprise content management system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "tomcat 9.0.0.m2",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "infosphere metadata asset manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "b2b advanced communications 1.0.0.5 1",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "algo credit limits",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.7.0"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.2"
},
{
"model": "support assistant team server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "websphere message broker",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.2.0"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.9"
},
{
"model": "b2b advanced communications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.5"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.2"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1"
},
{
"model": "disposal and governance management for it",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.3.3"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2.4"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.37"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.13"
},
{
"model": "infosphere information governance catalog",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.5"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1.1"
},
{
"model": "solaris sru11.6",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "tomcat 9.0.0m6",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "websphere application server hypervisor edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "commons fileupload",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3"
},
{
"model": "infosphere metadata workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "case manager",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.11"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.5.1"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.4.1102"
},
{
"model": "knowledge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.2"
},
{
"model": "jg747aae hp imc std sw plat w/ nodes e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "500"
},
{
"model": "jg548aae hp pcm+ to imc bsc upgr w/50-node e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "tomcat 9.0.0.m3",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.3.7856"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.7"
},
{
"model": "spectrum control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.9"
},
{
"model": "sterling secure proxy ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.2.05"
},
{
"model": "tivoli storage manager for virtual environments",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.6.0.0"
},
{
"model": "tomcat 9.0.0.m5",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.5"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.2.1"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.1.0"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5"
},
{
"model": "tomcat rc10",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.03"
},
{
"model": "tivoli storage manager for virtual environments",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.10"
},
{
"model": "tivoli enterprise portal server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "global retention policy and schedule management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.3.3"
},
{
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.36"
},
{
"model": "control center ifix04",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.1"
},
{
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.03"
},
{
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.1.3"
},
{
"model": "case manager",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1"
},
{
"model": "forms server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.3.0.1098"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3"
},
{
"model": "jg767aae hp imc smcnct wsm vrtl applnc sw e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.1"
},
{
"model": "infosphere information governance catalog",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"model": "tomcat for hp-ux b.11.31",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0.70.01"
},
{
"model": "tomcat rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.0"
},
{
"model": "jg590aae hp imc bsc wlan mgr sw pltfm ap e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "500"
},
{
"model": "case manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1.0"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2.5"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.4"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "jf288aae hp network director to intelligent management center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "jg766aae hp imc smcnct vrtl applnc sw e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "jd126a hp imc ent s/w platform w/100-node",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "icewall sso password reset option",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.0"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.2.2"
},
{
"model": "support assistant team server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2.2"
},
{
"model": "i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "8.5.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.18"
},
{
"model": "tomcat 9.0.0.m4",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "forms server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.4.1"
},
{
"model": "infosphere information server business glossary",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.5"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.35"
},
{
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.0.0"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "control center ifix02",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.0"
},
{
"model": "jf377a hp imc std s/w platform w/100-node lic",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.5"
},
{
"model": "b2b advanced communications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.3"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0"
},
{
"model": "communications service broker engineered system edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1"
},
{
"model": "websphere application server liberty profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "commons fileupload",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.2"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "commons fileupload",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.1"
},
{
"model": "websphere lombardi edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.5"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.2.0"
},
{
"model": "i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.1"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.46"
},
{
"model": "tomcat rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "control center 6.0.0.0ifix03",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "infosphere metadata asset manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7"
},
{
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.3"
},
{
"model": "security guardium data redaction",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.24"
},
{
"model": "sterling secure proxy ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.3.01"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.18"
},
{
"model": "infosphere qualitystage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.5"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.13"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.1"
},
{
"model": "jf377aae hp imc std s/w pltfrm w/100-node e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "b2b advanced communications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.4"
},
{
"model": "control center 6.1.0.0ifix01",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.021"
},
{
"model": "infosphere metadata workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7"
},
{
"model": "algo one algo risk application",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.9"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2.0.0"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.0"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.6"
},
{
"model": "mysql enterprise backup",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0.1"
},
{
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.7"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.33"
},
{
"model": "control center ifix03",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.34"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.5.1"
},
{
"model": "infosphere business glossary",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.010"
}
],
"sources": [
{
"db": "BID",
"id": "91453"
},
{
"db": "NVD",
"id": "CVE-2016-3092"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hp:icewall_identity_manager:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.27:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.3.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.67:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.69:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.68:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.5:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-3092"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "141509"
},
{
"db": "PACKETSTORM",
"id": "139164"
},
{
"db": "PACKETSTORM",
"id": "139165"
},
{
"db": "PACKETSTORM",
"id": "139536"
},
{
"db": "PACKETSTORM",
"id": "139770"
}
],
"trust": 0.5
},
"cve": "CVE-2016-3092",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-3092",
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-3092",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-3092",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-3092"
},
{
"db": "NVD",
"id": "CVE-2016-3092"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string. Apache Commons FileUpload is prone to a remote denial-of-service vulnerability. \nAttackers can exploit this issue to cause the application to become unresponsive; resulting in a denial-of-service condition. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nSecurity Fix(es):\n\n* It was reported that the Tomcat init script performed unsafe file\nhandling, which could result in local privilege escalation. (CVE-2016-1240)\n\n* It was discovered that the Tomcat packages installed certain\nconfiguration files read by the Tomcat initialization script as writeable\nto the tomcat group. \n(CVE-2016-6325)\n\n* The JmxRemoteLifecycleListener was not updated to take account of\nOracle\u0027s fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included\nin EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat\ninstance built from source, using the EWS 2.x, or JWS 3.x distributions, an\nattacker could use this flaw to launch a remote code execution attack on\nyour deployed instance. (CVE-2016-3092)\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction with\na proxy that also permitted the invalid characters but with a different\ninterpretation, to inject data into the HTTP response. By manipulating the\nHTTP response the attacker could poison a web-cache, perform an XSS attack,\nor obtain sensitive information from requests other then their own. \n(CVE-2016-6816)\n\n* A bug was discovered in the error handling of the send file code for the\nNIO HTTP connector. This led to the current Processor object being added to\nthe Processor cache multiple times allowing information leakage between\nrequests including, and not limited to, session ID and the response body. \n(CVE-2016-8745)\n\n* The Realm implementations did not process the supplied password if the\nsupplied user name did not exist. This made a timing attack possible to\ndetermine valid user names. Note that the default configuration includes\nthe LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-5018)\n\n* It was discovered that when a SecurityManager is configured Tomcat\u0027s\nsystem property replacement feature for configuration files could be used\nby a malicious web application to bypass the SecurityManager and read\nsystem properties that should not be visible. (CVE-2016-6794)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via manipulation of the configuration parameters\nfor the JSP Servlet. These packages provide a number of enhancements\nover the previous version of Red Hat JBoss Web Server. (JIRA#JWS-267)\n\nUsers of Red Hat JBoss Web Server are advised to upgrade to these updated\npackages, which add this enhancement. Solution:\n\nBefore applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files). JIRA issues fixed (https://issues.jboss.org/):\n\nJWS-267 - RHEL 6 Errata JIRA\n\n7. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324759\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05324759\nVersion: 3\n\nHPSBUX03665 rev.3 - HP-UX Tomcat-based Servlet Engine, Remote Denial of\nService (DoS), URL Redirection\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-12-01\nLast Updated: 2016-11-30\n\nPotential Security Impact: Remote: Denial of Service (DoS), URL Redirection\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified in the HP-UX\nTomcat-based Servlet Engine. These vulnerabilities could be exploited\nremotely to create a Denial of Service (DoS) or URL Redirection. \n\nReferences:\n\n - CVE-2016-3092 - Apache Tomcat, Remote Denial of Service (DoS)\n - CVE-2016-5388 - Apache Tomcat, Remote URL Redirection\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HP-UX Tomcat-based Servlet v.7.x Engine B.11.31 - Tomcat 7 prior to\nD.7.0.70.01\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2016-3092\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)\n\n CVE-2016-5388\n 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\n 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has provided the following software update to resolve the vulnerabilities\nin HP-UX Apache Tomcat 7 Servlet Engine:\n\n * Tomcat 7.0.70.01 for HP-UX Release B.11.31 (IPF and PA-RISC)\n\n + 64 bit Depot: HP_UX_11.31_HPUXWS24ATW-B501-11-31-64.depot\n + 32 bit Depot: HP_UX_11.31_HPUXWS24ATW-B501-11-31-32.depot\n\n* **Note:** The depot file can be found here:\n\n +\n\u003chttps://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb\nr=HPUXWSATW501\u003e \n \n * Tomcat 7.0.70.01 for Apache 2.2:\n\n + Install the depot via the link provided and then follow these steps to\nenable Tomcat 7.0.70.01 for Apache 2.2: \n\n 1.Run aswremovea to remove the previously installed Tomcat (if any)\n \n 2.rm arf /opt/hpws22/tomcat\n \n 3.Create the link using ln -s /opt/hpws24/tomcat /opt/hpws22/tomcat \n \n**MANUAL ACTIONS: Yes - Update**\n \nDownload and install the software update\n\n**PRODUCT SPECIFIC INFORMATION**\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HPE and lists recommended actions that may apply to a specific\nHP-UX system. It can also download patches and create a depot automatically. \nFor more information see:\n \n *\n\u003chttps://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb\nr=B6834AA\u003e\n\nThe following text is for use by the HP-UX Software Assistant. \n\n AFFECTED VERSIONS\n\n HP-UX B.11.31 IA/PA\n =================== \n hpuxws22TOMCAT.TOMCAT\n hpuxws22TOMCAT.TOMCAT2\n action: install revision D.7.0.70.01 or subsequent\n\n END AFFECTED VERSIONS\n\nHISTORY\n\nVersion:1 (rev.1) - 4 November 2016 Initial release\n\nVersion:2 (rev.2) - 8 November 2016 Removed extraneous text from background\nsection\n\nVersion:3 (rev.3) - 1 December 2016 Details added to enable Tomcat 7.0.70.01\nfor Apache 2.2, removed PSRT numbers, simplified title\n\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. It includes bug fixes and enhancements. The\nJBoss server process must be restarted for the update to take effect. (CVE-2016-3092)\n\n4. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: tomcat security, bug fix, and enhancement update\nAdvisory ID: RHSA-2016:2599-02\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-2599.html\nIssue date: 2016-11-03\nCVE Names: CVE-2015-5174 CVE-2015-5345 CVE-2015-5351 \n CVE-2016-0706 CVE-2016-0714 CVE-2016-0763 \n CVE-2016-3092 \n=====================================================================\n\n1. Summary:\n\nAn update for tomcat is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch\nRed Hat Enterprise Linux Server (v. 7) - noarch\nRed Hat Enterprise Linux Server Optional (v. 7) - noarch\nRed Hat Enterprise Linux Workstation (v. 7) - noarch\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch\n\n3. Description:\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies. \n\nThe following packages have been upgraded to a newer upstream version:\ntomcat (7.0.69). (BZ#1287928)\n\nSecurity Fix(es):\n\n* A CSRF flaw was found in Tomcat\u0027s the index pages for the Manager and\nHost Manager applications. These applications included a valid CSRF token\nwhen issuing a redirect as a result of an unauthenticated request to the\nroot of the web application. This token could then be used by an attacker\nto perform a CSRF attack. (CVE-2015-5351)\n\n* It was found that several Tomcat session persistence mechanisms could\nallow a remote, authenticated user to bypass intended SecurityManager\nrestrictions and execute arbitrary code in a privileged context via a web\napplication that placed a crafted object in a session. (CVE-2016-0714)\n\n* A security manager bypass flaw was found in Tomcat that could allow\nremote, authenticated users to access arbitrary application data,\npotentially resulting in a denial of service. (CVE-2016-0763)\n\n* A denial of service vulnerability was identified in Commons FileUpload\nthat occurred when the length of the multipart boundary was just below the\nsize of the buffer (4096 bytes) used to read the uploaded file if the\nboundary was the typical tens of bytes long. (CVE-2016-3092)\n\n* A directory traversal flaw was found in Tomcat\u0027s RequestUtil.java. A\nremote, authenticated user could use this flaw to bypass intended\nSecurityManager restrictions and list a parent directory via a \u0027/..\u0027 in a\npathname used by a web application in a getResource, getResourceAsStream,\nor getResourcePaths call. (CVE-2015-5174)\n\n* It was found that Tomcat could reveal the presence of a directory even\nwhen that directory was protected by a security constraint. A user could\nmake a request to a directory via a URL not ending with a slash and,\ndepending on whether Tomcat redirected that request, could confirm whether\nthat directory existed. (CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be loaded by\na web application when a security manager was configured. This allowed a\nweb application to list all deployed web applications and expose sensitive\ninformation such as session IDs. (CVE-2016-0706)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1133070 - Need to include full implementation of tomcat-juli.jar and tomcat-juli-adapters.jar\n1201409 - Fix the broken tomcat-jsvc service unit\n1208402 - Mark web.xml in tomcat-admin-webapps as config file\n1221896 - tomcat.service loads /etc/sysconfig/tomcat without shell expansion\n1229476 - Tomcat startup ONLY options\n1240279 - The command tomcat-digest doesn\u0027t work with RHEL 7\n1265698 - CVE-2015-5174 tomcat: URL Normalization issue\n1277197 - tomcat user has non-existing default shell set\n1287928 - Rebase tomcat to 7.0.69 or backport features\n1311076 - CVE-2015-5351 tomcat: CSRF token leak\n1311082 - CVE-2016-0714 tomcat: Security Manager bypass via persistence mechanisms\n1311087 - CVE-2016-0706 tomcat: security manager bypass via StatusManagerServlet\n1311089 - CVE-2015-5345 tomcat: directory disclosure\n1311093 - CVE-2016-0763 tomcat: security manager bypass via setGlobalContext()\n1311622 - Getting NoSuchElementException while handling attributes with empty string value in tomcat 7.0.54\n1320853 - Add HSTS support\n1327326 - rpm -V tomcat fails on /var/log/tomcat/catalina.out\n1347774 - The security manager doesn\u0027t work correctly (JSPs cannot be compiled)\n1347860 - The systemd service unit does not allow tomcat to shut down gracefully\n1349468 - CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\ntomcat-7.0.69-10.el7.src.rpm\n\nnoarch:\ntomcat-servlet-3.0-api-7.0.69-10.el7.noarch.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\ntomcat-7.0.69-10.el7.noarch.rpm\ntomcat-admin-webapps-7.0.69-10.el7.noarch.rpm\ntomcat-docs-webapp-7.0.69-10.el7.noarch.rpm\ntomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm\ntomcat-javadoc-7.0.69-10.el7.noarch.rpm\ntomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm\ntomcat-jsvc-7.0.69-10.el7.noarch.rpm\ntomcat-lib-7.0.69-10.el7.noarch.rpm\ntomcat-webapps-7.0.69-10.el7.noarch.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\ntomcat-7.0.69-10.el7.src.rpm\n\nnoarch:\ntomcat-servlet-3.0-api-7.0.69-10.el7.noarch.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\ntomcat-7.0.69-10.el7.noarch.rpm\ntomcat-admin-webapps-7.0.69-10.el7.noarch.rpm\ntomcat-docs-webapp-7.0.69-10.el7.noarch.rpm\ntomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm\ntomcat-javadoc-7.0.69-10.el7.noarch.rpm\ntomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm\ntomcat-jsvc-7.0.69-10.el7.noarch.rpm\ntomcat-lib-7.0.69-10.el7.noarch.rpm\ntomcat-webapps-7.0.69-10.el7.noarch.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\ntomcat-7.0.69-10.el7.src.rpm\n\nnoarch:\ntomcat-7.0.69-10.el7.noarch.rpm\ntomcat-admin-webapps-7.0.69-10.el7.noarch.rpm\ntomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm\ntomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm\ntomcat-lib-7.0.69-10.el7.noarch.rpm\ntomcat-servlet-3.0-api-7.0.69-10.el7.noarch.rpm\ntomcat-webapps-7.0.69-10.el7.noarch.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nnoarch:\ntomcat-7.0.69-10.el7.noarch.rpm\ntomcat-admin-webapps-7.0.69-10.el7.noarch.rpm\ntomcat-docs-webapp-7.0.69-10.el7.noarch.rpm\ntomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm\ntomcat-javadoc-7.0.69-10.el7.noarch.rpm\ntomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm\ntomcat-jsvc-7.0.69-10.el7.noarch.rpm\ntomcat-lib-7.0.69-10.el7.noarch.rpm\ntomcat-webapps-7.0.69-10.el7.noarch.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\ntomcat-7.0.69-10.el7.src.rpm\n\nnoarch:\ntomcat-7.0.69-10.el7.noarch.rpm\ntomcat-admin-webapps-7.0.69-10.el7.noarch.rpm\ntomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm\ntomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm\ntomcat-lib-7.0.69-10.el7.noarch.rpm\ntomcat-servlet-3.0-api-7.0.69-10.el7.noarch.rpm\ntomcat-webapps-7.0.69-10.el7.noarch.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\ntomcat-docs-webapp-7.0.69-10.el7.noarch.rpm\ntomcat-javadoc-7.0.69-10.el7.noarch.rpm\ntomcat-jsvc-7.0.69-10.el7.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-5174\nhttps://access.redhat.com/security/cve/CVE-2015-5345\nhttps://access.redhat.com/security/cve/CVE-2015-5351\nhttps://access.redhat.com/security/cve/CVE-2016-0706\nhttps://access.redhat.com/security/cve/CVE-2016-0714\nhttps://access.redhat.com/security/cve/CVE-2016-0763\nhttps://access.redhat.com/security/cve/CVE-2016-3092\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFYGv0mXlSAg2UNWIIRAq74AJ9mIwnepxw2jbrHnfK3Gkc+N7uMIACfXM+E\n5lVH/+qu5TZIB819MY4FTO0=\n=u+za\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. It contains security fixes for the Tomcat 7\ncomponent. Only users of the Tomcat 7 component in JBoss Web Server need to\napply the fixes delivered in this release. (CVE-2016-3092)\n\n* A session fixation flaw was found in the way Tomcat recycled the\nrequestedSessionSSL field. If at least one web application was configured\nto use the SSL session ID as the HTTP session ID, an attacker could reuse a\npreviously used session ID for further requests. (CVE-2016-0706)\n\n3. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-5346\nhttps://access.redhat.com/security/cve/CVE-2015-5351\nhttps://access.redhat.com/security/cve/CVE-2016-0706\nhttps://access.redhat.com/security/cve/CVE-2016-0714\nhttps://access.redhat.com/security/cve/CVE-2016-0763\nhttps://access.redhat.com/security/cve/CVE-2016-3092\nSecurity Impact: https://access.redhat.com/security/updates/classification/#important\nDownload: https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver\u0026downloadType=distributions\u0026version=2.1.2\n\n6. ==========================================================================\nUbuntu Security Notice USN-3024-1\nJuly 05, 2016\n\ntomcat6, tomcat7 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Tomcat. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and\nUbuntu 15.10. (CVE-2015-5174)\n\nIt was discovered that the Tomcat mapper component incorrectly handled\nredirects. A remote attacker could use this issue to determine the\nexistence of a directory. This issue only affected Ubuntu 12.04 LTS,\nUbuntu 14.04 LTS and Ubuntu 15.10. A\nremote attacker could possibly use this issue to hijack web sessions. This\nissue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. A remote attacker could possibly use this\nissue to bypass CSRF protection mechanisms. This issue only affected Ubuntu\n14.04 LTS and Ubuntu 15.10. (CVE-2015-5351)\n\nIt was discovered that Tomcat did not place StatusManagerServlet on the\nRestrictedServlets list. This issue only\naffected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. \n(CVE-2016-0706)\n\nIt was discovered that the Tomcat session-persistence implementation\nincorrectly handled session attributes. A remote attacker could possibly\nuse this issue to execute arbitrary code in a privileged context. This\nissue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. \n(CVE-2016-0714)\n\nIt was discovered that the Tomcat setGlobalContext method incorrectly\nchecked if callers were authorized. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and\nUbuntu 15.10. (CVE-2016-0763)\n\nIt was discovered that the Tomcat Fileupload library incorrectly handled\ncertain upload requests. (CVE-2016-3092)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n libtomcat7-java 7.0.68-1ubuntu0.1\n\nUbuntu 15.10:\n libtomcat7-java 7.0.64-1ubuntu0.3\n\nUbuntu 14.04 LTS:\n libtomcat7-java 7.0.52-1ubuntu0.6\n\nUbuntu 12.04 LTS:\n libtomcat6-java 6.0.35-1ubuntu3.7\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-3092"
},
{
"db": "BID",
"id": "91453"
},
{
"db": "VULMON",
"id": "CVE-2016-3092"
},
{
"db": "PACKETSTORM",
"id": "141509"
},
{
"db": "PACKETSTORM",
"id": "139164"
},
{
"db": "PACKETSTORM",
"id": "139972"
},
{
"db": "PACKETSTORM",
"id": "139165"
},
{
"db": "PACKETSTORM",
"id": "139536"
},
{
"db": "PACKETSTORM",
"id": "139770"
},
{
"db": "PACKETSTORM",
"id": "137773"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-3092",
"trust": 2.1
},
{
"db": "JVN",
"id": "JVN89379547",
"trust": 1.4
},
{
"db": "BID",
"id": "91453",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1036427",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1037029",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1036900",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1039606",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000121",
"trust": 1.1
},
{
"db": "VULMON",
"id": "CVE-2016-3092",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141509",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139164",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139972",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139165",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139536",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139770",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137773",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-3092"
},
{
"db": "BID",
"id": "91453"
},
{
"db": "PACKETSTORM",
"id": "141509"
},
{
"db": "PACKETSTORM",
"id": "139164"
},
{
"db": "PACKETSTORM",
"id": "139972"
},
{
"db": "PACKETSTORM",
"id": "139165"
},
{
"db": "PACKETSTORM",
"id": "139536"
},
{
"db": "PACKETSTORM",
"id": "139770"
},
{
"db": "PACKETSTORM",
"id": "137773"
},
{
"db": "NVD",
"id": "CVE-2016-3092"
}
]
},
"id": "VAR-201607-0321",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.41666666
},
"last_update_date": "2024-06-14T22:46:42.863000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 6.4.11 update on RHEL 7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162069 - security advisory"
},
{
"title": "Red Hat: Moderate: jboss-ec2-eap security and enhancement update for EAP 6.4.11",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162072 - security advisory"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 6.4.11 update on RHEL 6",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162068 - security advisory"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 6.4.11 update on RHEL 5",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162070 - security advisory"
},
{
"title": "Debian Security Advisories: DSA-3611-1 libcommons-fileupload-java -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=824a6eb444fe6417647eb1c1fb51c0f6"
},
{
"title": "Ubuntu Security Notice: tomcat8 vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3027-1"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server 2.1.2 security update for Tomcat 7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162807 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server 2.1.2 security update for Tomcat 7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162808 - security advisory"
},
{
"title": "Amazon Linux AMI: ALAS-2016-736",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-736"
},
{
"title": "Red Hat: CVE-2016-3092",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-3092"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server security and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20170457 - security advisory"
},
{
"title": "IBM: Security Bulletin: A vulnerability in Apache Commons Fileupload affects IBM Tivoli Business Service Manager (CVE-2013-2186, CVE-2013-0248, CVE-2016-3092, CVE-2014-0050, 220723)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8bc75a85691b82e540dfdc9fe13fab57"
},
{
"title": "Ubuntu Security Notice: tomcat6, tomcat7 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3024-1"
},
{
"title": "Debian Security Advisories: DSA-3609-1 tomcat8 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=35ca6a1e2d09521d71af74a1e27d6cbd"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=ac5af5dd99788925425f5747ec672707"
},
{
"title": "IBM: IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple security vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8580d3cd770371e2ef0f68ca624b80b0"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
},
{
"title": "IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=55ea315dfb69fce8383762ac64250315"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=13f3551b67d913fba90df4b2c0dae0bf"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-3092"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-3092"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.4,
"url": "http://jvn.jp/en/jp/jvn89379547/index.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"trust": 1.4,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 1.2,
"url": "http://www.ubuntu.com/usn/usn-3024-1"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/91453"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:0455"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2808.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2599.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2072.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2069.html"
},
{
"trust": 1.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"trust": 1.1,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2016-000121"
},
{
"trust": 1.1,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743480"
},
{
"trust": 1.1,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743738"
},
{
"trust": 1.1,
"url": "http://tomcat.apache.org/security-8.html"
},
{
"trust": 1.1,
"url": "http://tomcat.apache.org/security-9.html"
},
{
"trust": 1.1,
"url": "http://tomcat.apache.org/security-7.html"
},
{
"trust": 1.1,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743722"
},
{
"trust": 1.1,
"url": "http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3ccaf8hoz%2bpq2qh8rnxbujyok1doz6jrtiqypac%2bh8g6ozkbg%2bcxg%40mail.gmail.com%3e"
},
{
"trust": 1.1,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743742"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2016/dsa-3614"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-3027-1"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2016/dsa-3611"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2016/dsa-3609"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05204371"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05289840"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05324759"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/201705-09"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1037029"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036900"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036427"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1039606"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:0456"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0457.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2807.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2071.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2070.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2068.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20190212-0001/"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202107-39"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3092"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2016-3092"
},
{
"trust": 0.4,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05324759"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "http://www.apache.org/"
},
{
"trust": 0.3,
"url": "http://tomcat.apache.org/"
},
{
"trust": 0.3,
"url": "http://commons.apache.org/proper/commons-fileupload//"
},
{
"trust": 0.3,
"url": "http://mail-archives.apache.org/mod_mbox/www-announce/201606.mbox/%3c45a20804-abff-4fed-a297-69ac95ab9a3f@apache.org%3e"
},
{
"trust": 0.3,
"url": "https://jenkins.io/security/advisory/2017-10-11/"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05204371"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05289840"
},
{
"trust": 0.3,
"url": "http://tomcat.apache.org/security-7.html#fixed_in_apache_tomcat_7.0.70"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021649"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986641"
},
{
"trust": 0.3,
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21990830"
},
{
"trust": 0.3,
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21992916"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009566"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009571"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987864"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988198"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988279"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988564"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988584"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988585"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988586"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989359"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990120"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990236"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990262"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990386"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990394"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990424"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990451"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990527"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990884"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991786"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991837"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991866"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992457"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993043"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993879"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995043"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995382"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995611"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995686"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995691"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995793"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995892"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0763"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0706"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0714"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5351"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/6.4/index.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5345"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-0714"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5174"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-0706"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-5351"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-0763"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5346"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2016:2069"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/./dsa-3611"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/3027-1/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49238"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8735"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-6325"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6325"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-8735"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1240"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-8745"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6794"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-5018"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-6797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-6796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8745"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-6816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5018"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1240"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6816"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-6794"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.1,
"url": "https://www.hpe.com/info/report-security-vulnerability"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5388"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hpe.com/portal/swdepot/displayproductinfo.do?productnumb"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.3_release_notes/index.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-5174"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-5345"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=distributions\u0026version=2.1.2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-5346"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat7/7.0.64-1ubuntu0.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat7/7.0.68-1ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat6/6.0.35-1ubuntu3.7"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat7/7.0.52-1ubuntu0.6"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-3092"
},
{
"db": "BID",
"id": "91453"
},
{
"db": "PACKETSTORM",
"id": "141509"
},
{
"db": "PACKETSTORM",
"id": "139164"
},
{
"db": "PACKETSTORM",
"id": "139972"
},
{
"db": "PACKETSTORM",
"id": "139165"
},
{
"db": "PACKETSTORM",
"id": "139536"
},
{
"db": "PACKETSTORM",
"id": "139770"
},
{
"db": "PACKETSTORM",
"id": "137773"
},
{
"db": "NVD",
"id": "CVE-2016-3092"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2016-3092"
},
{
"db": "BID",
"id": "91453"
},
{
"db": "PACKETSTORM",
"id": "141509"
},
{
"db": "PACKETSTORM",
"id": "139164"
},
{
"db": "PACKETSTORM",
"id": "139972"
},
{
"db": "PACKETSTORM",
"id": "139165"
},
{
"db": "PACKETSTORM",
"id": "139536"
},
{
"db": "PACKETSTORM",
"id": "139770"
},
{
"db": "PACKETSTORM",
"id": "137773"
},
{
"db": "NVD",
"id": "CVE-2016-3092"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-04T00:00:00",
"db": "VULMON",
"id": "CVE-2016-3092"
},
{
"date": "2016-06-21T00:00:00",
"db": "BID",
"id": "91453"
},
{
"date": "2017-03-08T00:54:47",
"db": "PACKETSTORM",
"id": "141509"
},
{
"date": "2016-10-18T13:58:15",
"db": "PACKETSTORM",
"id": "139164"
},
{
"date": "2016-12-01T16:38:46",
"db": "PACKETSTORM",
"id": "139972"
},
{
"date": "2016-10-18T13:58:26",
"db": "PACKETSTORM",
"id": "139165"
},
{
"date": "2016-11-04T20:09:39",
"db": "PACKETSTORM",
"id": "139536"
},
{
"date": "2016-11-17T23:52:49",
"db": "PACKETSTORM",
"id": "139770"
},
{
"date": "2016-07-05T18:11:00",
"db": "PACKETSTORM",
"id": "137773"
},
{
"date": "2016-07-04T22:59:04.303000",
"db": "NVD",
"id": "CVE-2016-3092"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-12-08T00:00:00",
"db": "VULMON",
"id": "CVE-2016-3092"
},
{
"date": "2019-04-17T07:00:00",
"db": "BID",
"id": "91453"
},
{
"date": "2023-12-08T16:41:18.860000",
"db": "NVD",
"id": "CVE-2016-3092"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "91453"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability",
"sources": [
{
"db": "BID",
"id": "91453"
}
],
"trust": 0.3
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Failure to Handle Exceptional Conditions",
"sources": [
{
"db": "BID",
"id": "91453"
}
],
"trust": 0.3
}
}
wid-sec-w-2023-0644
Vulnerability from csaf_certbund
Published
2016-06-22 22:00
Modified
2023-03-16 23:00
Summary
Apache Tomcat: Schwachstelle ermöglicht Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Apache Tomcat ist ein Web-Applikationsserver für verschiedene Plattformen.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Tomcat ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Apache Tomcat ist ein Web-Applikationsserver f\u00fcr verschiedene Plattformen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Tomcat ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0644 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2016/wid-sec-w-2023-0644.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0644 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0644"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:0758-1 vom 2023-03-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014070.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:0730-1 vom 2023-03-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014040.html"
},
{
"category": "external",
"summary": "Tomcat mailing list vom 2016-06-22",
"url": "http://mail-archives.apache.org/mod_mbox/tomcat-dev/201606.mbox/%3C6223ece6-2b41-ef4f-22f9-d3481e492832@apache.org%3E"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-3609 vom 2016-06-30",
"url": "http://www.debian.org/security/2016/dsa-3609"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-3614-1 vom 2016-07-02",
"url": "https://www.debian.org/security/2016/dsa-3614"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3024-1 vom 2016-07-05",
"url": "http://www.ubuntu.com/usn/usn-3024-1/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3027-1 vom 2016-07-06",
"url": "http://www.ubuntu.com/usn/usn-3027-1/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2016:2188-1 vom 2016-09-03",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162188-1.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:2599-1 vom 2016-11-03",
"url": "https://rhn.redhat.com/errata/RHSA-2016-2599.html"
},
{
"category": "external",
"summary": "HP Security Bulletin HPSBUX03665 vom 2016-11-07",
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324759"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2016-2599 vom 2016-11-09",
"url": "http://linux.oracle.com/errata/ELSA-2016-2599.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:2807 vom 2016-11-18",
"url": "https://access.redhat.com/errata/RHSA-2016:2807"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:2808 vom 2016-11-18",
"url": "https://rhn.redhat.com/errata/RHSA-2016-2808.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:1660-1 vom 2017-06-24",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171660-1.html"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20190212-0001 vom 2019-02-12",
"url": "https://security.netapp.com/advisory/ntap-20190212-0001/"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202107-39 vom 2021-07-17",
"url": "https://security.gentoo.org/glsa/202107-39"
}
],
"source_lang": "en-US",
"title": "Apache Tomcat: Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2023-03-16T23:00:00.000+00:00",
"generator": {
"date": "2024-02-15T17:19:05.523+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2023-0644",
"initial_release_date": "2016-06-22T22:00:00.000+00:00",
"revision_history": [
{
"date": "2016-06-22T22:00:00.000+00:00",
"number": "1",
"summary": "Initial Release"
},
{
"date": "2016-06-22T22:00:00.000+00:00",
"number": "2",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-06-29T22:00:00.000+00:00",
"number": "3",
"summary": "New remediations available"
},
{
"date": "2016-06-29T22:00:00.000+00:00",
"number": "4",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-07-03T22:00:00.000+00:00",
"number": "5",
"summary": "New remediations available"
},
{
"date": "2016-07-05T22:00:00.000+00:00",
"number": "6",
"summary": "New remediations available"
},
{
"date": "2016-07-05T22:00:00.000+00:00",
"number": "7",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-07-06T22:00:00.000+00:00",
"number": "8",
"summary": "New remediations available"
},
{
"date": "2016-09-04T22:00:00.000+00:00",
"number": "9",
"summary": "New remediations available"
},
{
"date": "2016-09-04T22:00:00.000+00:00",
"number": "10",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-11-03T23:00:00.000+00:00",
"number": "11",
"summary": "New remediations available"
},
{
"date": "2016-11-03T23:00:00.000+00:00",
"number": "12",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-11-06T23:00:00.000+00:00",
"number": "13",
"summary": "New remediations available"
},
{
"date": "2016-11-09T23:00:00.000+00:00",
"number": "14",
"summary": "New remediations available"
},
{
"date": "2016-11-09T23:00:00.000+00:00",
"number": "15",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-11-17T23:00:00.000+00:00",
"number": "16",
"summary": "New remediations available"
},
{
"date": "2016-11-17T23:00:00.000+00:00",
"number": "17",
"summary": "New remediations available"
},
{
"date": "2017-06-26T22:00:00.000+00:00",
"number": "18",
"summary": "New remediations available"
},
{
"date": "2019-02-12T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von NetApp aufgenommen"
},
{
"date": "2021-07-18T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2023-03-14T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-03-16T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "22"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Apache Tomcat 9.0.0.M1 - 9.0.0M6",
"product": {
"name": "Apache Tomcat 9.0.0.M1 - 9.0.0M6",
"product_id": "T007898",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:9.0.0.m1_-_9.0.0m6"
}
}
},
{
"category": "product_name",
"name": "Apache Tomcat 8.5.0 - 8.5.2",
"product": {
"name": "Apache Tomcat 8.5.0 - 8.5.2",
"product_id": "T007899",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:8.5.0_-_8.5.2"
}
}
},
{
"category": "product_name",
"name": "Apache Tomcat 8.0.0.RC1 - 8.0.35",
"product": {
"name": "Apache Tomcat 8.0.0.RC1 - 8.0.35",
"product_id": "T007900",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:8.0.0.rc1_-_8.0.35"
}
}
},
{
"category": "product_name",
"name": "Apache Tomcat 7.0.0 - 7.0.69",
"product": {
"name": "Apache Tomcat 7.0.0 - 7.0.69",
"product_id": "T007901",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:7.0.0_-_7.0.69"
}
}
}
],
"category": "product_name",
"name": "Tomcat"
}
],
"category": "vendor",
"name": "Apache"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-3092",
"notes": [
{
"category": "description",
"text": "In Apache Tomcat besteht eine Denial of Service Schwachstelle. Diese Schwachstelle tritt w\u00e4hrend der Verarbeitung speziell manipulierter Anfragen an Apache Commons FileUpload auf. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"T007900",
"67646",
"T007901",
"T000126",
"T007898",
"T007899",
"T012167",
"T004914"
]
},
"release_date": "2016-06-22T22:00:00Z",
"title": "CVE-2016-3092"
}
]
}
wid-sec-w-2022-1375
Vulnerability from csaf_certbund
Published
2022-09-11 22:00
Modified
2023-09-14 22:00
Summary
JFrog Artifactory: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
JFrog Artifactory ist eine universelle DevOps-Lösung.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in JFrog Artifactory ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen.
Betroffene Betriebssysteme
- UNIX
- Linux
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "JFrog Artifactory ist eine universelle DevOps-L\u00f6sung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in JFrog Artifactory ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1375 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1375.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1375 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1375"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5165 vom 2023-09-14",
"url": "https://access.redhat.com/errata/RHSA-2023:5165"
},
{
"category": "external",
"summary": "JFrog Fixed Security Vulnerabilities vom 2022-09-11",
"url": "https://www.jfrog.com/confluence/display/JFROG/Fixed+Security+Vulnerabilities"
},
{
"category": "external",
"summary": "JFrog Fixed Security Vulnerabilities",
"url": "https://www.jfrog.com/confluence/display/JFROG/Fixed+Security+Vulnerabilities"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6782 vom 2022-10-04",
"url": "https://access.redhat.com/errata/RHSA-2022:6782"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5776-1 vom 2022-12-13",
"url": "https://ubuntu.com/security/notices/USN-5776-1"
}
],
"source_lang": "en-US",
"title": "JFrog Artifactory: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-09-14T22:00:00.000+00:00",
"generator": {
"date": "2024-02-15T16:58:09.779+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2022-1375",
"initial_release_date": "2022-09-11T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-09-11T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-10-03T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2022-10-04T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-12-12T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-12-20T23:00:00.000+00:00",
"number": "5",
"summary": "Referenz(en) aufgenommen: FEDORA-2022-DB674BAFD9, FEDORA-2022-7E327A20BE"
},
{
"date": "2023-09-14T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "JFrog Artifactory",
"product": {
"name": "JFrog Artifactory",
"product_id": "T024527",
"product_identification_helper": {
"cpe": "cpe:/a:jfrog:artifactory:-"
}
}
},
{
"category": "product_name",
"name": "JFrog Artifactory \u003c 7.46.3",
"product": {
"name": "JFrog Artifactory \u003c 7.46.3",
"product_id": "T024764",
"product_identification_helper": {
"cpe": "cpe:/a:jfrog:artifactory:7.46.3"
}
}
}
],
"category": "product_name",
"name": "Artifactory"
}
],
"category": "vendor",
"name": "JFrog"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-4517",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2013-4517"
},
{
"cve": "CVE-2013-7285",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2013-7285"
},
{
"cve": "CVE-2014-0107",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2014-0107"
},
{
"cve": "CVE-2014-0114",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2014-0114"
},
{
"cve": "CVE-2014-3577",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2014-3577"
},
{
"cve": "CVE-2014-3623",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2014-3623"
},
{
"cve": "CVE-2015-0227",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2015-0227"
},
{
"cve": "CVE-2015-2575",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2015-2575"
},
{
"cve": "CVE-2015-3253",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2015-3253"
},
{
"cve": "CVE-2015-4852",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2015-4852"
},
{
"cve": "CVE-2015-7940",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2015-7940"
},
{
"cve": "CVE-2016-10750",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2016-10750"
},
{
"cve": "CVE-2016-3092",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2016-3092"
},
{
"cve": "CVE-2016-3674",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2016-3674"
},
{
"cve": "CVE-2016-6501",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2016-6501"
},
{
"cve": "CVE-2016-8735",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2016-8735"
},
{
"cve": "CVE-2016-8745",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2016-8745"
},
{
"cve": "CVE-2017-1000487",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2017-1000487"
},
{
"cve": "CVE-2017-15095",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2017-15095"
},
{
"cve": "CVE-2017-17485",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2017-17485"
},
{
"cve": "CVE-2017-18214",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2017-18214"
},
{
"cve": "CVE-2017-18640",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2017-18640"
},
{
"cve": "CVE-2017-7525",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2017-7525"
},
{
"cve": "CVE-2017-7657",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2017-7657"
},
{
"cve": "CVE-2017-7957",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2017-7957"
},
{
"cve": "CVE-2017-9506",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2017-9506"
},
{
"cve": "CVE-2018-1000206",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2018-1000206"
},
{
"cve": "CVE-2018-9116",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2018-9116"
},
{
"cve": "CVE-2019-10219",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2019-10219"
},
{
"cve": "CVE-2019-12402",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2019-12402"
},
{
"cve": "CVE-2019-17359",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2019-17359"
},
{
"cve": "CVE-2019-17571",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2019-17571"
},
{
"cve": "CVE-2019-20104",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2019-20104"
},
{
"cve": "CVE-2020-11996",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2020-11996"
},
{
"cve": "CVE-2020-13934",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2020-13934"
},
{
"cve": "CVE-2020-13935",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2020-13935"
},
{
"cve": "CVE-2020-13949",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2020-13949"
},
{
"cve": "CVE-2020-14340",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2020-14340"
},
{
"cve": "CVE-2020-15586",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2020-15586"
},
{
"cve": "CVE-2020-1745",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2020-1745"
},
{
"cve": "CVE-2020-17521",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2020-17521"
},
{
"cve": "CVE-2020-25649",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2020-25649"
},
{
"cve": "CVE-2020-28500",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2020-28500"
},
{
"cve": "CVE-2020-29582",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2020-29582"
},
{
"cve": "CVE-2020-36518",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2020-36518"
},
{
"cve": "CVE-2020-7226",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2020-7226"
},
{
"cve": "CVE-2020-7692",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2020-7692"
},
{
"cve": "CVE-2020-8203",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2020-8203"
},
{
"cve": "CVE-2021-13936",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-13936"
},
{
"cve": "CVE-2021-21290",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-21290"
},
{
"cve": "CVE-2021-22060",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-22060"
},
{
"cve": "CVE-2021-22112",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-22112"
},
{
"cve": "CVE-2021-22119",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-22119"
},
{
"cve": "CVE-2021-22147",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-22147"
},
{
"cve": "CVE-2021-22148",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-22148"
},
{
"cve": "CVE-2021-22149",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-22149"
},
{
"cve": "CVE-2021-22573",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-22573"
},
{
"cve": "CVE-2021-23337",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-23337"
},
{
"cve": "CVE-2021-25122",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-25122"
},
{
"cve": "CVE-2021-26291",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-26291"
},
{
"cve": "CVE-2021-27568",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-27568"
},
{
"cve": "CVE-2021-29505",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-29505"
},
{
"cve": "CVE-2021-30129",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-30129"
},
{
"cve": "CVE-2021-33037",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-33037"
},
{
"cve": "CVE-2021-35550",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-35550"
},
{
"cve": "CVE-2021-35556",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-35556"
},
{
"cve": "CVE-2021-35560",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-35560"
},
{
"cve": "CVE-2021-35561",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-35561"
},
{
"cve": "CVE-2021-35564",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-35564"
},
{
"cve": "CVE-2021-35565",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-35565"
},
{
"cve": "CVE-2021-35567",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-35567"
},
{
"cve": "CVE-2021-35578",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-35578"
},
{
"cve": "CVE-2021-35586",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-35586"
},
{
"cve": "CVE-2021-35588",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-35588"
},
{
"cve": "CVE-2021-35603",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-35603"
},
{
"cve": "CVE-2021-36374",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-36374"
},
{
"cve": "CVE-2021-3765",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-3765"
},
{
"cve": "CVE-2021-3807",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-3807"
},
{
"cve": "CVE-2021-38561",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-38561"
},
{
"cve": "CVE-2021-3859",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-3859"
},
{
"cve": "CVE-2021-41090",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-41090"
},
{
"cve": "CVE-2021-41091",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-41091"
},
{
"cve": "CVE-2021-42340",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-42340"
},
{
"cve": "CVE-2021-42550",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-42550"
},
{
"cve": "CVE-2021-43797",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2021-43797"
},
{
"cve": "CVE-2022-0536",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2022-0536"
},
{
"cve": "CVE-2022-22963",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2022-22963"
},
{
"cve": "CVE-2022-23632",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2022-23632"
},
{
"cve": "CVE-2022-23648",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2022-23648"
},
{
"cve": "CVE-2022-23806",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2022-23806"
},
{
"cve": "CVE-2022-24769",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2022-24769"
},
{
"cve": "CVE-2022-24823",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2022-24823"
},
{
"cve": "CVE-2022-27191",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2022-27191"
},
{
"cve": "CVE-2022-29153",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2022-29153"
},
{
"cve": "CVE-2022-32212",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2022-32212"
},
{
"cve": "CVE-2022-32213",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2022-32213"
},
{
"cve": "CVE-2022-32214",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2022-32214"
},
{
"cve": "CVE-2022-32215",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2022-32215"
},
{
"cve": "CVE-2022-32223",
"notes": [
{
"category": "description",
"text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T024527",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00Z",
"title": "CVE-2022-32223"
}
]
}
ghsa-fvm3-cfvj-gxqq
Vulnerability from github
Published
2018-12-21 17:47
Modified
2021-07-19 15:57
Severity
Summary
High severity vulnerability that affects commons-fileupload:commons-fileupload
Details
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "commons-fileupload:commons-fileupload"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-3092"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:35:21Z",
"nvd_published_at": "2016-07-04T22:59:00Z",
"severity": "HIGH"
},
"details": "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.",
"id": "GHSA-fvm3-cfvj-gxqq",
"modified": "2021-07-19T15:57:47Z",
"published": "2018-12-21T17:47:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20171111060434/http://www.securitytracker.com/id/1039606"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20171103224941/http://www.securitytracker.com/id/1036900"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20170317103106/http://www.securitytracker.com/id/1037029"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20160924080828/http://www.securityfocus.com/bid/91453"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20160726114129/http://www.securitytracker.com/id/1036427"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190212-0001"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202107-39"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201705-09"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759"
},
{
"type": "WEB",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840"
},
{
"type": "WEB",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-fvm3-cfvj-gxqq"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
},
{
"type": "WEB",
"url": "http://jvn.jp/en/jp/JVN89379547/index.html"
},
{
"type": "WEB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html"
},
{
"type": "WEB",
"url": "http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2068.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2069.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2070.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2071.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2072.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2599.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2807.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2808.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743480"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743722"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743738"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743742"
},
{
"type": "WEB",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"type": "WEB",
"url": "http://tomcat.apache.org/security-8.html"
},
{
"type": "WEB",
"url": "http://tomcat.apache.org/security-9.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3609"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3611"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3614"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-3024-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-3027-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "High severity vulnerability that affects commons-fileupload:commons-fileupload"
}
Loading...