cve-2018-5407

Vulnerability from cvelistv5

Published

2018-11-15 21:00

Modified

2024-08-05 05:33

Severity

Summary

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

References

Source	URL	Tags
cret@cert.org	http://www.securityfocus.com/bid/105897	Third Party Advisory, VDB Entry
cret@cert.org	https://access.redhat.com/errata/RHSA-2019:0483	Third Party Advisory
cret@cert.org	https://access.redhat.com/errata/RHSA-2019:0651	Third Party Advisory
cret@cert.org	https://access.redhat.com/errata/RHSA-2019:0652	Third Party Advisory
cret@cert.org	https://access.redhat.com/errata/RHSA-2019:2125	Third Party Advisory
cret@cert.org	https://access.redhat.com/errata/RHSA-2019:3929	Third Party Advisory
cret@cert.org	https://access.redhat.com/errata/RHSA-2019:3931	Third Party Advisory
cret@cert.org	https://access.redhat.com/errata/RHSA-2019:3932	Third Party Advisory
cret@cert.org	https://access.redhat.com/errata/RHSA-2019:3933	Third Party Advisory
cret@cert.org	https://access.redhat.com/errata/RHSA-2019:3935	Third Party Advisory
cret@cert.org	https://eprint.iacr.org/2018/1060.pdf	Technical Description, Third Party Advisory
cret@cert.org	https://github.com/bbbrumley/portsmash	Exploit, Third Party Advisory
cret@cert.org	https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html	Mailing List, Third Party Advisory
cret@cert.org	https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/	Third Party Advisory
cret@cert.org	https://security.gentoo.org/glsa/201903-10	Third Party Advisory
cret@cert.org	https://security.netapp.com/advisory/ntap-20181126-0001/	Third Party Advisory
cret@cert.org	https://support.f5.com/csp/article/K49711130?utm_source=f5support&amp%3Butm_medium=RSS
cret@cert.org	https://usn.ubuntu.com/3840-1/	Third Party Advisory
cret@cert.org	https://www.debian.org/security/2018/dsa-4348	Third Party Advisory
cret@cert.org	https://www.debian.org/security/2018/dsa-4355	Third Party Advisory
cret@cert.org	https://www.exploit-db.com/exploits/45785/	Exploit, Third Party Advisory, VDB Entry
cret@cert.org	https://www.oracle.com/security-alerts/cpuapr2020.html	Patch, Third Party Advisory
cret@cert.org	https://www.oracle.com/security-alerts/cpujan2020.html	Patch, Third Party Advisory
cret@cert.org	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	Patch, Third Party Advisory
cret@cert.org	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	Patch, Vendor Advisory
cret@cert.org	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	Patch, Third Party Advisory
cret@cert.org	https://www.tenable.com/security/tns-2018-16	Third Party Advisory
cret@cert.org	https://www.tenable.com/security/tns-2018-17	Third Party Advisory

Impacted products

Vendor	Product
N/A	Processors supporting Simultaneous Multi-Threading

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:33:44.232Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2019:0483",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0483"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20181126-0001/"
          },
          {
            "name": "USN-3840-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3840-1/"
          },
          {
            "name": "DSA-4355",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4355"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-17"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
          },
          {
            "name": "GLSA-201903-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201903-10"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-16"
          },
          {
            "name": "45785",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45785/"
          },
          {
            "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/bbbrumley/portsmash"
          },
          {
            "name": "DSA-4348",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4348"
          },
          {
            "name": "105897",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105897"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://eprint.iacr.org/2018/1060.pdf"
          },
          {
            "name": "RHSA-2019:0651",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0651"
          },
          {
            "name": "RHSA-2019:0652",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0652"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "name": "RHSA-2019:2125",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2125"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp%3Butm_medium=RSS"
          },
          {
            "name": "RHSA-2019:3929",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3929"
          },
          {
            "name": "RHSA-2019:3933",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3933"
          },
          {
            "name": "RHSA-2019:3931",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3931"
          },
          {
            "name": "RHSA-2019:3935",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3935"
          },
          {
            "name": "RHSA-2019:3932",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3932"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Processors supporting Simultaneous Multi-Threading",
          "vendor": "N/A",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        }
      ],
      "datePublic": "2018-11-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-15T21:06:46",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "RHSA-2019:0483",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0483"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20181126-0001/"
        },
        {
          "name": "USN-3840-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3840-1/"
        },
        {
          "name": "DSA-4355",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4355"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-17"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
        },
        {
          "name": "GLSA-201903-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201903-10"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-16"
        },
        {
          "name": "45785",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/45785/"
        },
        {
          "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/bbbrumley/portsmash"
        },
        {
          "name": "DSA-4348",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4348"
        },
        {
          "name": "105897",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105897"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://eprint.iacr.org/2018/1060.pdf"
        },
        {
          "name": "RHSA-2019:0651",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0651"
        },
        {
          "name": "RHSA-2019:0652",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0652"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "name": "RHSA-2019:2125",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2125"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp%3Butm_medium=RSS"
        },
        {
          "name": "RHSA-2019:3929",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3929"
        },
        {
          "name": "RHSA-2019:3933",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3933"
        },
        {
          "name": "RHSA-2019:3931",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3931"
        },
        {
          "name": "RHSA-2019:3935",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3935"
        },
        {
          "name": "RHSA-2019:3932",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3932"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2018-5407",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Processors supporting Simultaneous Multi-Threading",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "N/A"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "N/A"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2019:0483",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0483"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20181126-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20181126-0001/"
            },
            {
              "name": "USN-3840-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3840-1/"
            },
            {
              "name": "DSA-4355",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4355"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-17",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-17"
            },
            {
              "name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/",
              "refsource": "CONFIRM",
              "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
            },
            {
              "name": "GLSA-201903-10",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201903-10"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-16",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-16"
            },
            {
              "name": "45785",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/45785/"
            },
            {
              "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
            },
            {
              "name": "https://github.com/bbbrumley/portsmash",
              "refsource": "MISC",
              "url": "https://github.com/bbbrumley/portsmash"
            },
            {
              "name": "DSA-4348",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4348"
            },
            {
              "name": "105897",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105897"
            },
            {
              "name": "https://eprint.iacr.org/2018/1060.pdf",
              "refsource": "MISC",
              "url": "https://eprint.iacr.org/2018/1060.pdf"
            },
            {
              "name": "RHSA-2019:0651",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0651"
            },
            {
              "name": "RHSA-2019:0652",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0652"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "RHSA-2019:2125",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2125"
            },
            {
              "name": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp;utm_medium=RSS",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp;utm_medium=RSS"
            },
            {
              "name": "RHSA-2019:3929",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3929"
            },
            {
              "name": "RHSA-2019:3933",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3933"
            },
            {
              "name": "RHSA-2019:3931",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3931"
            },
            {
              "name": "RHSA-2019:3935",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3935"
            },
            {
              "name": "RHSA-2019:3932",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3932"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2018-5407",
    "datePublished": "2018-11-15T21:00:00",
    "dateReserved": "2018-01-12T00:00:00",
    "dateUpdated": "2024-08-05T05:33:44.232Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-5407\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2018-11-15T21:29:00.233\",\"lastModified\":\"2023-11-07T02:58:42.920\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027.\"},{\"lang\":\"es\",\"value\":\"SMT (Simultaneous Multi-threading) en los procesadores puede habilitar que usuarios locales exploten software vulnerable a ataques de sincronizaci\u00f3n mediante un ataques de sincronizaci\u00f3n de canal lateral en la \\\"contenci\u00f3n de puertos\\\".\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.7,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.0,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:N/A:N\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":1.9},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.4,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-203\"}]},{\"source\":\"cret@cert.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07C312A0-CD2C-4B9C-B064-6409B25C278F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.14.4\",\"matchCriteriaId\":\"4F608F84-5A94-4DC1-A7B8-E19028F96A40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.11.4\",\"matchCriteriaId\":\"468A9D35-95E1-473B-A5D3-9BD78818F599\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.9.0\",\"matchCriteriaId\":\"48A01678-361E-4F23-B7D6-41B0C145F491\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.2\",\"versionEndExcluding\":\"1.0.2q\",\"matchCriteriaId\":\"0DF92E05-808F-4D22-BD55-3571BF46889F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.1.0\",\"versionEndExcluding\":\"1.1.0i\",\"matchCriteriaId\":\"B64CB987-8B48-4B65-BC6A-B39F1F69F4B7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.1.1\",\"matchCriteriaId\":\"0BB469FA-ECF9-42D8-8CF0-7C8B426FD7B2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5553591-073B-45E3-999F-21B8BA2EEE22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_server:0.9.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD941CDF-8486-43F7-9D98-2B8785B1B139\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_server:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDE18990-1FC9-4624-971B-2E87BF0871AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_server:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17C29F2D-CBE6-4E22-98AE-787E939ED161\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98F3E643-4B65-4668-BB11-C61ED54D5A53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"459B4A5F-A6BD-4A1C-B6B7-C979F005EB70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDCE0E90-495E-4437-8529-3C36441FB69D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.12.3\",\"matchCriteriaId\":\"D2049488-5CE2-4C56-8B0E-BA7C499A7372\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.12.4\",\"versionEndIncluding\":\"4.1.2\",\"matchCriteriaId\":\"81B25011-AEFA-453D-AF1E-5945AB625767\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45CB30A1-B2C9-4BF5-B510-1F2F18B60C64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0A735B4-4F3C-416B-8C08-9CB21BAD2889\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E1E416B-920B-49A0-9523-382898C2979D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.7\",\"versionEndIncluding\":\"17.12\",\"matchCriteriaId\":\"7A1E1023-2EB9-4334-9B74-CA71480F71C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84BF6794-2CE6-407F-B8E0-81871AB7B40B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93A4E178-0082-45C5-BBC0-0A4E51C8B1DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F021C23-AB9B-4877-833F-D01359A98762\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F8ED016-32A1-42EE-844E-3E6B2C116B74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A046CC2C-445F-4336-8810-930570B4FEC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0745445C-EC43-4091-BA7C-5105AFCC6F1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92A6A7BA-CCE6-426F-8434-7A578A245180\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.0.0\",\"matchCriteriaId\":\"B52550D1-38F6-4AAC-BE68-487F7D6DB2D8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E92F9B3-3841-4C05-88F0-CEB0735EA4BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B353CE99-D57C-465B-AAB0-73EF581127D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF77CDCF-B9C9-427D-B2BF-36650FB2148C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/105897\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0483\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0651\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0652\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2125\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3929\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3931\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3932\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3933\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3935\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://eprint.iacr.org/2018/1060.pdf\",\"source\":\"cret@cert.org\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/bbbrumley/portsmash\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201903-10\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20181126-0001/\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp%3Butm_medium=RSS\",\"source\":\"cret@cert.org\"},{\"url\":\"https://usn.ubuntu.com/3840-1/\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4348\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4355\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/45785/\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2018-16\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2018-17\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

rhsa-2019_0483

Vulnerability from csaf_redhat

Published

2019-03-13 13:00

Modified

2024-09-16 02:07

Summary

Red Hat Security Advisory: openssl security and bug fix update

Notes

Topic

An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Perform the RSA signature self-tests with SHA-256 (BZ#1673914)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for openssl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Perform the RSA signature self-tests with SHA-256 (BZ#1673914)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2019:0483",
        "url": "https://access.redhat.com/errata/RHSA-2019:0483"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1645695",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2019/rhsa-2019_0483.json"
      }
    ],
    "title": "Red Hat Security Advisory: openssl security and bug fix update",
    "tracking": {
      "current_release_date": "2024-09-16T02:07:16+00:00",
      "generator": {
        "date": "2024-09-16T02:07:16+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2019:0483",
      "initial_release_date": "2019-03-13T13:00:21+00:00",
      "revision_history": [
        {
          "date": "2019-03-13T13:00:21+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2019-03-13T13:00:21+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-16T02:07:16+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Client (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Client (v. 7)",
                  "product_id": "7Client-7.6.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Client Optional (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Client Optional (v. 7)",
                  "product_id": "7Client-optional-7.6.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
                  "product_id": "7ComputeNode-7.6.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
                  "product_id": "7ComputeNode-optional-7.6.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server (v. 7)",
                  "product_id": "7Server-7.6.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
                  "product_id": "7Server-Alt-7.6.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Optional (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Optional (v. 7)",
                  "product_id": "7Server-optional-7.6.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
                  "product_id": "7Server-optional-Alt-7.6.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation (v. 7)",
                  "product_id": "7Workstation-7.6.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
                  "product_id": "7Workstation-optional-7.6.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
                "product": {
                  "name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
                  "product_id": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-16.el7_6.1?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
                "product": {
                  "name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
                  "product_id": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-16.el7_6.1?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
                "product": {
                  "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
                  "product_id": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-16.el7_6.1?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-1:1.0.2k-16.el7_6.1.x86_64",
                "product": {
                  "name": "openssl-1:1.0.2k-16.el7_6.1.x86_64",
                  "product_id": "openssl-1:1.0.2k-16.el7_6.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl@1.0.2k-16.el7_6.1?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
                "product": {
                  "name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
                  "product_id": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-static@1.0.2k-16.el7_6.1?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
                "product": {
                  "name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
                  "product_id": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-perl@1.0.2k-16.el7_6.1?arch=x86_64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686",
                "product": {
                  "name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686",
                  "product_id": "openssl-libs-1:1.0.2k-16.el7_6.1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-16.el7_6.1?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686",
                "product": {
                  "name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686",
                  "product_id": "openssl-devel-1:1.0.2k-16.el7_6.1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-16.el7_6.1?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
                "product": {
                  "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
                  "product_id": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-16.el7_6.1?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-static-1:1.0.2k-16.el7_6.1.i686",
                "product": {
                  "name": "openssl-static-1:1.0.2k-16.el7_6.1.i686",
                  "product_id": "openssl-static-1:1.0.2k-16.el7_6.1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-static@1.0.2k-16.el7_6.1?arch=i686\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl-1:1.0.2k-16.el7_6.1.src",
                "product": {
                  "name": "openssl-1:1.0.2k-16.el7_6.1.src",
                  "product_id": "openssl-1:1.0.2k-16.el7_6.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl@1.0.2k-16.el7_6.1?arch=src\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
                "product": {
                  "name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
                  "product_id": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-static@1.0.2k-16.el7_6.1?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
                "product": {
                  "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
                  "product_id": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-16.el7_6.1?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
                "product": {
                  "name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
                  "product_id": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-perl@1.0.2k-16.el7_6.1?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
                "product": {
                  "name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
                  "product_id": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-16.el7_6.1?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
                "product": {
                  "name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
                  "product_id": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-16.el7_6.1?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-1:1.0.2k-16.el7_6.1.aarch64",
                "product": {
                  "name": "openssl-1:1.0.2k-16.el7_6.1.aarch64",
                  "product_id": "openssl-1:1.0.2k-16.el7_6.1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl@1.0.2k-16.el7_6.1?arch=aarch64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390",
                "product": {
                  "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390",
                  "product_id": "openssl-static-1:1.0.2k-16.el7_6.1.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-static@1.0.2k-16.el7_6.1?arch=s390\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
                "product": {
                  "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
                  "product_id": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-16.el7_6.1?arch=s390\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390",
                "product": {
                  "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390",
                  "product_id": "openssl-libs-1:1.0.2k-16.el7_6.1.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-16.el7_6.1?arch=s390\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390",
                "product": {
                  "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390",
                  "product_id": "openssl-devel-1:1.0.2k-16.el7_6.1.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-16.el7_6.1?arch=s390\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x",
                "product": {
                  "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x",
                  "product_id": "openssl-static-1:1.0.2k-16.el7_6.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-static@1.0.2k-16.el7_6.1?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
                "product": {
                  "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
                  "product_id": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-16.el7_6.1?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
                "product": {
                  "name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
                  "product_id": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-perl@1.0.2k-16.el7_6.1?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
                "product": {
                  "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
                  "product_id": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-16.el7_6.1?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
                "product": {
                  "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
                  "product_id": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-16.el7_6.1?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-1:1.0.2k-16.el7_6.1.s390x",
                "product": {
                  "name": "openssl-1:1.0.2k-16.el7_6.1.s390x",
                  "product_id": "openssl-1:1.0.2k-16.el7_6.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl@1.0.2k-16.el7_6.1?arch=s390x\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
                "product": {
                  "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
                  "product_id": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-static@1.0.2k-16.el7_6.1?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
                "product": {
                  "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
                  "product_id": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-16.el7_6.1?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
                "product": {
                  "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
                  "product_id": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-perl@1.0.2k-16.el7_6.1?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
                "product": {
                  "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
                  "product_id": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-16.el7_6.1?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
                "product": {
                  "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
                  "product_id": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-16.el7_6.1?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le",
                "product": {
                  "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le",
                  "product_id": "openssl-1:1.0.2k-16.el7_6.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl@1.0.2k-16.el7_6.1?arch=ppc64le\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc",
                "product": {
                  "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc",
                  "product_id": "openssl-static-1:1.0.2k-16.el7_6.1.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-static@1.0.2k-16.el7_6.1?arch=ppc\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
                "product": {
                  "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
                  "product_id": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-16.el7_6.1?arch=ppc\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
                "product": {
                  "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
                  "product_id": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-16.el7_6.1?arch=ppc\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
                "product": {
                  "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
                  "product_id": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-16.el7_6.1?arch=ppc\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
                "product": {
                  "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
                  "product_id": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-static@1.0.2k-16.el7_6.1?arch=ppc64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
                "product": {
                  "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
                  "product_id": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-16.el7_6.1?arch=ppc64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
                "product": {
                  "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
                  "product_id": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-perl@1.0.2k-16.el7_6.1?arch=ppc64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
                "product": {
                  "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
                  "product_id": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-16.el7_6.1?arch=ppc64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
                "product": {
                  "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
                  "product_id": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-16.el7_6.1?arch=ppc64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64",
                "product": {
                  "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64",
                  "product_id": "openssl-1:1.0.2k-16.el7_6.1.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openssl@1.0.2k-16.el7_6.1?arch=ppc64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.src as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.src",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Client-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.src",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
          "product_id": "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Client-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.src",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7ComputeNode-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.src",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7ComputeNode-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.src as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.src",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Server-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.src as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.src",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
          "product_id": "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Server-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.src",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
          "product_id": "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Server-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.src as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.src",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
          "product_id": "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.src",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Workstation-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.src",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.i686",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390x",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
          "product_id": "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
        },
        "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
        "relates_to_product_reference": "7Workstation-optional-7.6.Z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-0735",
      "cwe": {
        "id": "CWE-385",
        "name": "Covert Timing Channel"
      },
      "discovery_date": "2018-10-29T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1644356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: timing side channel attack in the ECDSA signature generation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
          "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
          "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
          "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
          "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
          "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
          "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
          "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
          "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
          "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
          "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
          "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
          "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
          "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
          "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
          "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
          "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
          "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
          "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
          "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
          "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
          "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
          "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
          "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
          "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
          "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
          "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
          "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
          "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
          "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
          "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
          "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
          "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
          "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
          "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
          "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
          "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
          "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
          "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
          "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
          "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
          "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
          "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
          "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
          "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
          "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
          "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
          "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
          "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
          "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
          "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
          "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
          "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
          "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
          "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
          "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
          "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
          "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
          "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
          "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
          "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
          "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
          "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
          "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
          "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
          "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
          "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
          "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
          "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
          "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
          "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
          "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
          "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
          "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
          "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
          "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
          "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
          "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
          "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
          "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
          "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
          "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
          "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
          "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
          "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
          "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
          "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
          "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
          "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
          "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
          "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
          "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
          "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
          "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
          "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
          "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
          "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
          "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
          "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
          "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
          "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
          "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
          "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
          "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
          "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
          "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
          "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
          "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
          "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
          "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
          "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
          "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
          "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
          "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
          "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
          "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
          "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
          "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
          "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
          "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
          "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
          "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
          "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
          "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
          "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
          "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
          "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
          "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
          "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
          "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
          "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
          "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
          "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
          "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
          "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
          "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
          "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
          "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
          "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
          "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
          "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
          "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
          "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
          "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
          "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
          "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
          "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
          "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
          "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
          "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
          "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
          "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
          "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
          "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
          "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
          "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
          "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
          "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
          "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
          "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
          "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
          "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
          "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
          "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
          "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
          "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
          "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
          "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
          "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
          "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
          "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
          "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
          "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
          "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
          "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
          "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
          "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
          "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
          "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
          "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
          "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
          "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
          "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
          "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
          "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
          "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
          "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
          "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
          "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
          "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
          "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
          "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
          "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
          "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
          "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
          "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
          "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
          "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
          "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
          "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
          "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
          "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
          "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
          "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
          "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
          "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
          "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
          "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
          "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
          "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
          "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
          "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
          "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
          "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
          "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
          "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
          "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
          "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
          "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
          "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
          "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
          "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
          "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
          "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
          "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
          "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
          "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
          "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
          "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
          "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
          "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
          "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
          "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
          "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
          "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
          "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
          "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
          "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
          "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
          "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
          "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
          "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
          "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
          "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
          "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
          "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
          "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
          "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
          "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
          "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
          "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
          "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
          "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
          "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
          "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
          "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
          "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
          "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
          "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
          "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
          "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
          "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
          "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
          "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
          "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
          "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
          "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
          "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
          "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
          "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
          "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
          "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
          "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
          "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
          "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
          "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
          "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
          "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
          "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
          "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
          "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
          "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-0735"
        },
        {
          "category": "external",
          "summary": "RHBZ#1644356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644356"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-0735",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-0735"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0735",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0735"
        }
      ],
      "release_date": "2018-10-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.",
          "product_ids": [
            "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:0483"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "openssl: timing side channel attack in the ECDSA signature generation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Alejandro Cabrera Aldaya"
          ],
          "organization": "Universidad Tecnologica de la Habana CUJAE; Cuba"
        },
        {
          "names": [
            "Billy Bob Brumley",
            "Cesar Pereida Garcia",
            "Sohaib ul Hassan"
          ]
        },
        {
          "names": [
            "Nicola Tuveri"
          ],
          "organization": "Tampere University of Technology; Finland"
        }
      ],
      "cve": "CVE-2018-5407",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2018-11-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1645695"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
          "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
          "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
          "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
          "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
          "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
          "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
          "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
          "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
          "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
          "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
          "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
          "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
          "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
          "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
          "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
          "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
          "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
          "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
          "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
          "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
          "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
          "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
          "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
          "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
          "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
          "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
          "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
          "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
          "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
          "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
          "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
          "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
          "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
          "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
          "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
          "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
          "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
          "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
          "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
          "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
          "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
          "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
          "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
          "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
          "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
          "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
          "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
          "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
          "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
          "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
          "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
          "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
          "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
          "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
          "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
          "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
          "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
          "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
          "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
          "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
          "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
          "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
          "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
          "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
          "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
          "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
          "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
          "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
          "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
          "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
          "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
          "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
          "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
          "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
          "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
          "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
          "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
          "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
          "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
          "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
          "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
          "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
          "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
          "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
          "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
          "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
          "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
          "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
          "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
          "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
          "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
          "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
          "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
          "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
          "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
          "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
          "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
          "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
          "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
          "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
          "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
          "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
          "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
          "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
          "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
          "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
          "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
          "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
          "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
          "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
          "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
          "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
          "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
          "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
          "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
          "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
          "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
          "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
          "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
          "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
          "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
          "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
          "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
          "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
          "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
          "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
          "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
          "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
          "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
          "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
          "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
          "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
          "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
          "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
          "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
          "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
          "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
          "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
          "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
          "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
          "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
          "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
          "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
          "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
          "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
          "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
          "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
          "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
          "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
          "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
          "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
          "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
          "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
          "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
          "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
          "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
          "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
          "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
          "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
          "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
          "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
          "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
          "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
          "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
          "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
          "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
          "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
          "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
          "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
          "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
          "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
          "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
          "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
          "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
          "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
          "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
          "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
          "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
          "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
          "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
          "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
          "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
          "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
          "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
          "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
          "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
          "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
          "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
          "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
          "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
          "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
          "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
          "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
          "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
          "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
          "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
          "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
          "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
          "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
          "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
          "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
          "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
          "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
          "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
          "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
          "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
          "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
          "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
          "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
          "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
          "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
          "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
          "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
          "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
          "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
          "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
          "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
          "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
          "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
          "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
          "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
          "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
          "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
          "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
          "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
          "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
          "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
          "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
          "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
          "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
          "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
          "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
          "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
          "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
          "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
          "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
          "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
          "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
          "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
          "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
          "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
          "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
          "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
          "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
          "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
          "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
          "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
          "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
          "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
          "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
          "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
          "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
          "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
          "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
          "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
          "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
          "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
          "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
          "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
          "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
          "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
          "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
          "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
          "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
          "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
          "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
          "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
          "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
          "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
          "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
          "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
          "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
          "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
          "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
          "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
          "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
          "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
          "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
          "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
          "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
          "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
          "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
          "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
          "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
          "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
          "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-5407"
        },
        {
          "category": "external",
          "summary": "RHBZ#1645695",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407"
        },
        {
          "category": "external",
          "summary": "https://github.com/bbbrumley/portsmash",
          "url": "https://github.com/bbbrumley/portsmash"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv/20181112.txt",
          "url": "https://www.openssl.org/news/secadv/20181112.txt"
        }
      ],
      "release_date": "2018-10-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.",
          "product_ids": [
            "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:0483"
        },
        {
          "category": "workaround",
          "details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue.  Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.",
          "product_ids": [
            "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src",
            "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x",
            "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)"
    }
  ]
}

rhba-2019_1053

Vulnerability from csaf_redhat

Published

2019-05-08 12:26

Modified

2024-09-13 12:54

Summary

Red Hat Bug Fix Advisory: redhat-virtualization-host bug fix and enhancement update

Notes

Topic

Updated redhat-virtualization-host packages that fix several bugs and add various enhancements are now available.

Details

The imgbased packages provide a way to create read-only base images from squashfs images, and a way to manage writable filesystem layers on top of those base images, including the installation of new images through yum and selection of a layer from runtime. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The redhat-release-virtualization-host package provides the Red Hat Virtualization Host. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Changes to the imgbased component: * Previously, Red Hat Virtualization Host entered emergency mode after it was updated to the latest version and rebooted twice. This was due to the presence of a local disk WWID in /etc/multipath/wwids. In the current release, /etc/multipath/wwids has been removed. During upgrades, imgbased now calls "vdsm-tool configure --force" in the new layer, using the SYSTEMD_IGNORE_CHROOT environment variable. (BZ#1636028) * Previously, the default ntp.conf file was migrated to chrony even when NTP was disabled, overwriting chrony.conf file with incorrect values. In the current release, ntp.conf is only migrated if NTP is enabled. (BZ#1638606) * Previously, imgbased failed upon receiving the e2fsck return code 1 when creating a new layer. In the current release, imgbased handles the e2fsck return code 1 as a success, since the new file system is correct and the new layer is installed successfully. (BZ#1645395) * Previously, even if lvmetad was disabled in the configuration, the lvmetad service left a pid file hanging. As a result, entering lvm commands displayed warnings. The current release masks the lvmetad service during build so it never starts and lvm commands do not show warnings. (BZ#1652795) Changes to the redhat-virtualization-host component: * Previously, during an upgrade, dracut running inside chroot did not detect the cpuinfo and the kernel config files because /proc was not mounted and /boot was bindmounted. As a result, the correct microcode was missing from the initramfs. The current release bindmounts /proc to the chroot and removes the --hostonly flag. This change inserts both AMD and Intel microcodes into the initramfs and boots the host after an upgrade. (BZ#1652519) * The current release applies the OpenSCAP security profile when installing and upgrading RHV-H. This feature helps organizations comply with the Security Content Automation Protocol (SCAP) standards. (BZ#1654253) * Do not use a VNC-based connection to deploy Red Hat Virtualization Manager as a self-hosted engine. The VNC protocol does not support password auth in FIPS mode. As a result, the self-hosted engine will fail to deploy. Instead, deploy the Manager as a self-hosted engine, use a SPICE-based connection. (BZ#1591693) * The current release ships a new version of Red Hat Gluster Storage, RHGS 3.4.4, in Red Hat Virtualization Host (RHVH). (BZ#1679133) * Previously, changing log levels required editing libvirt.conf and restarting the libvirtd service. This restart prevented support from collecting data and made reproducing issues more difficult. The current release adds the libvirt-admin package to the optional channel for Red Hat Virtualization Host. Installing this package enables you to run the virt-admin command to change libvirt logging levels on the fly. (BZ#1571283)

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated \u200b\u200bredhat-virtualization-host packages that fix several bugs and add various enhancements are now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The imgbased packages provide a way to create read-only base images from squashfs images, and a way to manage writable filesystem layers on top of those base images, including the installation of new images through yum and selection of a layer from runtime.\n\nThe redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host\u0027s resources and performing administrative tasks.\n\nThe redhat-release-virtualization-host package provides the Red Hat Virtualization Host. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host\u0027s resources and performing administrative tasks.\n\nChanges to the imgbased component:\n\n* Previously, Red Hat Virtualization Host entered emergency mode after it was updated to the latest version and rebooted twice. This was due to the presence of a local disk WWID in /etc/multipath/wwids.\n\nIn the current release, /etc/multipath/wwids has been removed. During upgrades, imgbased now calls \"vdsm-tool configure --force\" in the new layer, using the SYSTEMD_IGNORE_CHROOT environment variable. (BZ#1636028)\n\n* Previously, the default ntp.conf file was migrated to chrony even when NTP was disabled, overwriting chrony.conf file with incorrect values. In the current release, ntp.conf is only migrated if NTP is enabled. (BZ#1638606)\n\n* Previously, imgbased failed upon receiving the e2fsck return code 1 when creating a new layer. In the current release, imgbased handles the  e2fsck return code 1 as a success, since the new file system is correct and the new layer is installed successfully. (BZ#1645395)\n\n* Previously, even if lvmetad was disabled in the configuration, the lvmetad service left a pid file hanging. As a result, entering lvm commands displayed warnings.\n\nThe current release masks the lvmetad service during build so it never starts and lvm commands do not show warnings. (BZ#1652795)\n\nChanges to the redhat-virtualization-host component:\n\n* Previously, during an upgrade, dracut running inside chroot did not detect the cpuinfo and the kernel config files because /proc was not mounted and /boot was bindmounted. As a result, the correct microcode was missing from the initramfs.\n\nThe current release bindmounts /proc to the chroot and removes the --hostonly flag. This change inserts both AMD and Intel microcodes into the initramfs and boots the host after an upgrade. (BZ#1652519)\n\n* The current release applies the OpenSCAP security profile when installing and upgrading RHV-H. This feature helps organizations comply with the Security Content Automation Protocol (SCAP) standards. (BZ#1654253)\n\n* Do not use a VNC-based connection to deploy Red Hat Virtualization Manager as a self-hosted engine. The VNC protocol does not support password auth in FIPS mode. As a result, the self-hosted engine will fail to deploy.\n\nInstead, deploy the Manager as a self-hosted engine, use a SPICE-based connection. (BZ#1591693)\n\n* The current release ships a new version of Red Hat Gluster Storage, RHGS  3.4.4, in Red Hat Virtualization Host (RHVH). (BZ#1679133)\n\n* Previously, changing log levels required editing libvirt.conf and restarting the libvirtd service. This restart prevented support from collecting data and made reproducing issues more difficult.\n\nThe current release adds the libvirt-admin package to the optional channel for Red Hat Virtualization Host. Installing this package enables you to run the virt-admin command to change libvirt logging levels on the fly. (BZ#1571283)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHBA-2019:1053",
        "url": "https://access.redhat.com/errata/RHBA-2019:1053"
      },
      {
        "category": "external",
        "summary": "1436519",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1436519"
      },
      {
        "category": "external",
        "summary": "1571283",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571283"
      },
      {
        "category": "external",
        "summary": "1591693",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591693"
      },
      {
        "category": "external",
        "summary": "1630263",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1630263"
      },
      {
        "category": "external",
        "summary": "1630267",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1630267"
      },
      {
        "category": "external",
        "summary": "1632741",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632741"
      },
      {
        "category": "external",
        "summary": "1633069",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633069"
      },
      {
        "category": "external",
        "summary": "1633075",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633075"
      },
      {
        "category": "external",
        "summary": "1636028",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1636028"
      },
      {
        "category": "external",
        "summary": "1638606",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1638606"
      },
      {
        "category": "external",
        "summary": "1645395",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645395"
      },
      {
        "category": "external",
        "summary": "1646147",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646147"
      },
      {
        "category": "external",
        "summary": "1652519",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652519"
      },
      {
        "category": "external",
        "summary": "1652789",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652789"
      },
      {
        "category": "external",
        "summary": "1652795",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652795"
      },
      {
        "category": "external",
        "summary": "1652817",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652817"
      },
      {
        "category": "external",
        "summary": "1653137",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1653137"
      },
      {
        "category": "external",
        "summary": "1653669",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1653669"
      },
      {
        "category": "external",
        "summary": "1654253",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1654253"
      },
      {
        "category": "external",
        "summary": "1655003",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1655003"
      },
      {
        "category": "external",
        "summary": "1669377",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1669377"
      },
      {
        "category": "external",
        "summary": "1673953",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1673953"
      },
      {
        "category": "external",
        "summary": "1679133",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1679133"
      },
      {
        "category": "external",
        "summary": "1693710",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693710"
      },
      {
        "category": "external",
        "summary": "1693897",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693897"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2019/rhba-2019_1053.json"
      }
    ],
    "title": "Red Hat Bug Fix Advisory: redhat-virtualization-host bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2024-09-13T12:54:01+00:00",
      "generator": {
        "date": "2024-09-13T12:54:01+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHBA-2019:1053",
      "initial_release_date": "2019-05-08T12:26:02+00:00",
      "revision_history": [
        {
          "date": "2019-05-08T12:26:02+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2019-05-08T12:26:02+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-13T12:54:01+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
                "product": {
                  "name": "RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
                  "product_id": "7Server-RHEV-4-HypervisorBuild-7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
                "product": {
                  "name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
                  "product_id": "7Server-RHEV-4-Hypervisor-7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ovirt-node-ng-0:4.3.0-0.20181213.0.el7ev.src",
                "product": {
                  "name": "ovirt-node-ng-0:4.3.0-0.20181213.0.el7ev.src",
                  "product_id": "ovirt-node-ng-0:4.3.0-0.20181213.0.el7ev.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-node-ng@4.3.0-0.20181213.0.el7ev?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "redhat-release-virtualization-host-0:4.3-0.5.el7.src",
                "product": {
                  "name": "redhat-release-virtualization-host-0:4.3-0.5.el7.src",
                  "product_id": "redhat-release-virtualization-host-0:4.3-0.5.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.3-0.5.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "imgbased-0:1.1.7-0.1.el7ev.src",
                "product": {
                  "name": "imgbased-0:1.1.7-0.1.el7ev.src",
                  "product_id": "imgbased-0:1.1.7-0.1.el7ev.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/imgbased@1.1.7-0.1.el7ev?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "redhat-virtualization-host-0:4.3-20190409.0.el7_6.src",
                "product": {
                  "name": "redhat-virtualization-host-0:4.3-20190409.0.el7_6.src",
                  "product_id": "redhat-virtualization-host-0:4.3-20190409.0.el7_6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/redhat-virtualization-host@4.3-20190409.0.el7_6?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python2-ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch",
                "product": {
                  "name": "python2-ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch",
                  "product_id": "python2-ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python2-ovirt-node-ng-nodectl@4.3.0-0.20181213.0.el7ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch",
                "product": {
                  "name": "ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch",
                  "product_id": "ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-node-ng-nodectl@4.3.0-0.20181213.0.el7ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "redhat-virtualization-host-image-update-placeholder-0:4.3-0.5.el7.noarch",
                "product": {
                  "name": "redhat-virtualization-host-image-update-placeholder-0:4.3-0.5.el7.noarch",
                  "product_id": "redhat-virtualization-host-image-update-placeholder-0:4.3-0.5.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update-placeholder@4.3-0.5.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "imgbased-0:1.1.7-0.1.el7ev.noarch",
                "product": {
                  "name": "imgbased-0:1.1.7-0.1.el7ev.noarch",
                  "product_id": "imgbased-0:1.1.7-0.1.el7ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/imgbased@1.1.7-0.1.el7ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-imgbased-0:1.1.7-0.1.el7ev.noarch",
                "product": {
                  "name": "python-imgbased-0:1.1.7-0.1.el7ev.noarch",
                  "product_id": "python-imgbased-0:1.1.7-0.1.el7ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-imgbased@1.1.7-0.1.el7ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "redhat-virtualization-host-image-update-0:4.3-20190409.0.el7_6.noarch",
                "product": {
                  "name": "redhat-virtualization-host-image-update-0:4.3-20190409.0.el7_6.noarch",
                  "product_id": "redhat-virtualization-host-image-update-0:4.3-20190409.0.el7_6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update@4.3-20190409.0.el7_6?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "redhat-release-virtualization-host-0:4.3-0.5.el7.x86_64",
                "product": {
                  "name": "redhat-release-virtualization-host-0:4.3-0.5.el7.x86_64",
                  "product_id": "redhat-release-virtualization-host-0:4.3-0.5.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.3-0.5.el7?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-virtualization-host-0:4.3-20190409.0.el7_6.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
          "product_id": "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3-20190409.0.el7_6.src"
        },
        "product_reference": "redhat-virtualization-host-0:4.3-20190409.0.el7_6.src",
        "relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-virtualization-host-image-update-0:4.3-20190409.0.el7_6.noarch as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
          "product_id": "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3-20190409.0.el7_6.noarch"
        },
        "product_reference": "redhat-virtualization-host-image-update-0:4.3-20190409.0.el7_6.noarch",
        "relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "imgbased-0:1.1.7-0.1.el7ev.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
          "product_id": "7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.7-0.1.el7ev.noarch"
        },
        "product_reference": "imgbased-0:1.1.7-0.1.el7ev.noarch",
        "relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "imgbased-0:1.1.7-0.1.el7ev.src as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
          "product_id": "7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.7-0.1.el7ev.src"
        },
        "product_reference": "imgbased-0:1.1.7-0.1.el7ev.src",
        "relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-node-ng-0:4.3.0-0.20181213.0.el7ev.src as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
          "product_id": "7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.0-0.20181213.0.el7ev.src"
        },
        "product_reference": "ovirt-node-ng-0:4.3.0-0.20181213.0.el7ev.src",
        "relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
          "product_id": "7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch"
        },
        "product_reference": "ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch",
        "relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-imgbased-0:1.1.7-0.1.el7ev.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
          "product_id": "7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.7-0.1.el7ev.noarch"
        },
        "product_reference": "python-imgbased-0:1.1.7-0.1.el7ev.noarch",
        "relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python2-ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
          "product_id": "7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch"
        },
        "product_reference": "python2-ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch",
        "relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-release-virtualization-host-0:4.3-0.5.el7.src as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
          "product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3-0.5.el7.src"
        },
        "product_reference": "redhat-release-virtualization-host-0:4.3-0.5.el7.src",
        "relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-release-virtualization-host-0:4.3-0.5.el7.x86_64 as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
          "product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3-0.5.el7.x86_64"
        },
        "product_reference": "redhat-release-virtualization-host-0:4.3-0.5.el7.x86_64",
        "relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-virtualization-host-image-update-placeholder-0:4.3-0.5.el7.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
          "product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3-0.5.el7.noarch"
        },
        "product_reference": "redhat-virtualization-host-image-update-placeholder-0:4.3-0.5.el7.noarch",
        "relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Alejandro Cabrera Aldaya"
          ],
          "organization": "Universidad Tecnologica de la Habana CUJAE; Cuba"
        },
        {
          "names": [
            "Billy Bob Brumley",
            "Cesar Pereida Garcia",
            "Sohaib ul Hassan"
          ]
        },
        {
          "names": [
            "Nicola Tuveri"
          ],
          "organization": "Tampere University of Technology; Finland"
        }
      ],
      "cve": "CVE-2018-5407",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2018-11-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1645695"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3-20190409.0.el7_6.src",
          "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3-20190409.0.el7_6.noarch",
          "7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.7-0.1.el7ev.noarch",
          "7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.7-0.1.el7ev.src",
          "7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.0-0.20181213.0.el7ev.src",
          "7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch",
          "7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.7-0.1.el7ev.noarch",
          "7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch",
          "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3-0.5.el7.src",
          "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3-0.5.el7.x86_64",
          "7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3-0.5.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-5407"
        },
        {
          "category": "external",
          "summary": "RHBZ#1645695",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407"
        },
        {
          "category": "external",
          "summary": "https://github.com/bbbrumley/portsmash",
          "url": "https://github.com/bbbrumley/portsmash"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv/20181112.txt",
          "url": "https://www.openssl.org/news/secadv/20181112.txt"
        }
      ],
      "release_date": "2018-10-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2974891",
          "product_ids": [
            "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3-20190409.0.el7_6.src",
            "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3-20190409.0.el7_6.noarch",
            "7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.7-0.1.el7ev.noarch",
            "7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.7-0.1.el7ev.src",
            "7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.0-0.20181213.0.el7ev.src",
            "7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch",
            "7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.7-0.1.el7ev.noarch",
            "7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch",
            "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3-0.5.el7.src",
            "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3-0.5.el7.x86_64",
            "7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3-0.5.el7.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHBA-2019:1053"
        },
        {
          "category": "workaround",
          "details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue.  Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.",
          "product_ids": [
            "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3-20190409.0.el7_6.src",
            "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3-20190409.0.el7_6.noarch",
            "7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.7-0.1.el7ev.noarch",
            "7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.7-0.1.el7ev.src",
            "7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.0-0.20181213.0.el7ev.src",
            "7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch",
            "7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.7-0.1.el7ev.noarch",
            "7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch",
            "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3-0.5.el7.src",
            "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3-0.5.el7.x86_64",
            "7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3-0.5.el7.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3-20190409.0.el7_6.src",
            "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3-20190409.0.el7_6.noarch",
            "7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.7-0.1.el7ev.noarch",
            "7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.7-0.1.el7ev.src",
            "7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.0-0.20181213.0.el7ev.src",
            "7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch",
            "7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.7-0.1.el7ev.noarch",
            "7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch",
            "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3-0.5.el7.src",
            "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3-0.5.el7.x86_64",
            "7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3-0.5.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)"
    }
  ]
}

rhsa-2019_2125

Vulnerability from csaf_redhat

Published

2019-08-06 12:11

Modified

2024-09-16 02:06

Summary

Red Hat Security Advisory: ovmf security and enhancement update

Notes

Topic

An update for ovmf is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

OVMF (Open Virtual Machine Firmware) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es): * edk2: Privilege escalation via processing of malformed files in TianoCompress.c (CVE-2017-5731) * edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c (CVE-2017-5732) * edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function (CVE-2017-5733) * edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function (CVE-2017-5734) * edk2: Privilege escalation via heap-based buffer overflow in Decode() function (CVE-2017-5735) * edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users (CVE-2018-3613) * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * edk2: Stack buffer overflow with corrupted BMP (CVE-2018-12181) * edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media (CVE-2019-0160) * edk2: stack overflow in XHCI causing denial of service (CVE-2019-0161) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for ovmf is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OVMF (Open Virtual Machine Firmware) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.\n\nSecurity Fix(es):\n\n* edk2: Privilege escalation via processing of malformed files in TianoCompress.c (CVE-2017-5731)\n\n* edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c (CVE-2017-5732)\n\n* edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function (CVE-2017-5733)\n\n* edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function (CVE-2017-5734)\n\n* edk2: Privilege escalation via heap-based buffer overflow in Decode() function (CVE-2017-5735)\n\n* edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users (CVE-2018-3613)\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)\n\n* edk2: Stack buffer overflow with corrupted BMP (CVE-2018-12181)\n\n* edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media (CVE-2019-0160)\n\n* edk2: stack overflow in XHCI causing denial of service (CVE-2019-0161)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2019:2125",
        "url": "https://access.redhat.com/errata/RHSA-2019:2125"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index"
      },
      {
        "category": "external",
        "summary": "1641433",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641433"
      },
      {
        "category": "external",
        "summary": "1641442",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641442"
      },
      {
        "category": "external",
        "summary": "1641446",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641446"
      },
      {
        "category": "external",
        "summary": "1641450",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641450"
      },
      {
        "category": "external",
        "summary": "1641458",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641458"
      },
      {
        "category": "external",
        "summary": "1641465",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641465"
      },
      {
        "category": "external",
        "summary": "1645695",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
      },
      {
        "category": "external",
        "summary": "1686783",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686783"
      },
      {
        "category": "external",
        "summary": "1691640",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691640"
      },
      {
        "category": "external",
        "summary": "1694065",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694065"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2019/rhsa-2019_2125.json"
      }
    ],
    "title": "Red Hat Security Advisory: ovmf security and enhancement update",
    "tracking": {
      "current_release_date": "2024-09-16T02:06:50+00:00",
      "generator": {
        "date": "2024-09-16T02:06:50+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2019:2125",
      "initial_release_date": "2019-08-06T12:11:30+00:00",
      "revision_history": [
        {
          "date": "2019-08-06T12:11:30+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2019-08-06T12:11:30+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-16T02:06:50+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server (v. 7)",
                  "product_id": "7Server-7.7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
                "product": {
                  "name": "OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
                  "product_id": "OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/OVMF@20180508-6.gitee3198e672e2.el7?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ovmf-0:20180508-6.gitee3198e672e2.el7.src",
                "product": {
                  "name": "ovmf-0:20180508-6.gitee3198e672e2.el7.src",
                  "product_id": "ovmf-0:20180508-6.gitee3198e672e2.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovmf@20180508-6.gitee3198e672e2.el7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "OVMF-0:20180508-6.gitee3198e672e2.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch"
        },
        "product_reference": "OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
        "relates_to_product_reference": "7Server-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovmf-0:20180508-6.gitee3198e672e2.el7.src as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
        },
        "product_reference": "ovmf-0:20180508-6.gitee3198e672e2.el7.src",
        "relates_to_product_reference": "7Server-7.7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-5731",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "discovery_date": "2018-10-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1641442"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "edk2: Privilege escalation via processing of malformed files in TianoCompress.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
          "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-5731"
        },
        {
          "category": "external",
          "summary": "RHBZ#1641442",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641442"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-5731",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-5731"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5731",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5731"
        },
        {
          "category": "external",
          "summary": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html",
          "url": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html"
        }
      ],
      "release_date": "2018-10-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
            "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:2125"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
            "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "edk2: Privilege escalation via processing of malformed files in TianoCompress.c"
    },
    {
      "cve": "CVE-2017-5732",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "discovery_date": "2018-10-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1641446"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
          "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-5732"
        },
        {
          "category": "external",
          "summary": "RHBZ#1641446",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641446"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-5732",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-5732"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5732",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5732"
        },
        {
          "category": "external",
          "summary": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html",
          "url": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html"
        }
      ],
      "release_date": "2018-10-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
            "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:2125"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
            "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c"
    },
    {
      "cve": "CVE-2017-5733",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "discovery_date": "2018-10-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1641450"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
          "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-5733"
        },
        {
          "category": "external",
          "summary": "RHBZ#1641450",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641450"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-5733",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-5733"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5733",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5733"
        },
        {
          "category": "external",
          "summary": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html",
          "url": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html"
        }
      ],
      "release_date": "2018-10-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
            "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:2125"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
            "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function"
    },
    {
      "cve": "CVE-2017-5734",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "discovery_date": "2018-10-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1641458"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
          "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-5734"
        },
        {
          "category": "external",
          "summary": "RHBZ#1641458",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641458"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-5734",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-5734"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5734",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5734"
        },
        {
          "category": "external",
          "summary": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html",
          "url": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html"
        }
      ],
      "release_date": "2018-10-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
            "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:2125"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
            "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function"
    },
    {
      "cve": "CVE-2017-5735",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "discovery_date": "2018-10-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1641465"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "edk2: Privilege escalation via heap-based buffer overflow in Decode() function",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
          "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-5735"
        },
        {
          "category": "external",
          "summary": "RHBZ#1641465",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641465"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-5735",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-5735"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5735",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5735"
        },
        {
          "category": "external",
          "summary": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html",
          "url": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html"
        }
      ],
      "release_date": "2018-10-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
            "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:2125"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
            "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "edk2: Privilege escalation via heap-based buffer overflow in Decode() function"
    },
    {
      "cve": "CVE-2018-3613",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "discovery_date": "2018-10-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1641433"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
          "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-3613"
        },
        {
          "category": "external",
          "summary": "RHBZ#1641433",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641433"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-3613",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3613"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-3613",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3613"
        },
        {
          "category": "external",
          "summary": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-authenticated-variable-bypass.html",
          "url": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-authenticated-variable-bypass.html"
        }
      ],
      "release_date": "2018-10-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
            "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:2125"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
            "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Alejandro Cabrera Aldaya"
          ],
          "organization": "Universidad Tecnologica de la Habana CUJAE; Cuba"
        },
        {
          "names": [
            "Billy Bob Brumley",
            "Cesar Pereida Garcia",
            "Sohaib ul Hassan"
          ]
        },
        {
          "names": [
            "Nicola Tuveri"
          ],
          "organization": "Tampere University of Technology; Finland"
        }
      ],
      "cve": "CVE-2018-5407",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2018-11-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1645695"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
          "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-5407"
        },
        {
          "category": "external",
          "summary": "RHBZ#1645695",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407"
        },
        {
          "category": "external",
          "summary": "https://github.com/bbbrumley/portsmash",
          "url": "https://github.com/bbbrumley/portsmash"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv/20181112.txt",
          "url": "https://www.openssl.org/news/secadv/20181112.txt"
        }
      ],
      "release_date": "2018-10-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
            "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:2125"
        },
        {
          "category": "workaround",
          "details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue.  Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.",
          "product_ids": [
            "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
            "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
            "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)"
    },
    {
      "cve": "CVE-2018-12181",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "discovery_date": "2019-03-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1686783"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A stack-based buffer overflow was discovered in edk2 when the HII database contains a Bitmap that claims to be 4-bit or 8-bit per pixel, but the palette contains more than 16(2^4) or 256(2^8) colors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "edk2: Stack buffer overflow with corrupted BMP",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
          "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-12181"
        },
        {
          "category": "external",
          "summary": "RHBZ#1686783",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686783"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-12181",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-12181"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12181",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12181"
        }
      ],
      "release_date": "2019-03-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
            "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:2125"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
            "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "edk2: Stack buffer overflow with corrupted BMP"
    },
    {
      "cve": "CVE-2019-0160",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "discovery_date": "2019-03-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1691640"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflows were discovered in UDF-related codes under MdeModulePkg\\Universal\\Disk\\PartitionDxe\\Udf.c and MdeModulePkg\\Universal\\Disk\\UdfDxe, which could be triggered with long file names or invalid formatted UDF media.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "edk2: Buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
          "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-0160"
        },
        {
          "category": "external",
          "summary": "RHBZ#1691640",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691640"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0160",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-0160"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0160",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0160"
        }
      ],
      "release_date": "2019-02-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
            "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:2125"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
            "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "edk2: Buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media"
    },
    {
      "cve": "CVE-2019-0161",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2019-03-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1694065"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "edk2: stack overflow in XHCI causing denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
          "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-0161"
        },
        {
          "category": "external",
          "summary": "RHBZ#1694065",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694065"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0161",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-0161"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0161",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0161"
        },
        {
          "category": "external",
          "summary": "https://edk2-docs.gitbooks.io/security-advisory/content/xhci-stack-local-stack-overflow.html",
          "url": "https://edk2-docs.gitbooks.io/security-advisory/content/xhci-stack-local-stack-overflow.html"
        }
      ],
      "release_date": "2018-06-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
            "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:2125"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch",
            "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "edk2: stack overflow in XHCI causing denial of service"
    }
  ]
}

rhsa-2019_3935

Vulnerability from csaf_redhat

Published

2019-11-20 16:08

Modified

2024-09-13 22:01

Summary

Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release

Notes

Topic

Red Hat JBoss Core Services Pack Apache Server 2.4.37 zip release for RHEL 6, RHEL 7 and Microsoft Windows is available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Security Fix(es): * openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * mod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2: read-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat JBoss Core Services Pack Apache Server 2.4.37 zip release\nfor RHEL 6, RHEL 7 and Microsoft Windows is available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * mod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2: read-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2019:3935",
        "url": "https://access.redhat.com/errata/RHSA-2019:3935"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1568253",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568253"
      },
      {
        "category": "external",
        "summary": "1644364",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644364"
      },
      {
        "category": "external",
        "summary": "1645695",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
      },
      {
        "category": "external",
        "summary": "1668493",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668493"
      },
      {
        "category": "external",
        "summary": "1668497",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497"
      },
      {
        "category": "external",
        "summary": "1695020",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695020"
      },
      {
        "category": "external",
        "summary": "1695030",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030"
      },
      {
        "category": "external",
        "summary": "1695042",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042"
      },
      {
        "category": "external",
        "summary": "1735741",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741"
      },
      {
        "category": "external",
        "summary": "1741860",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860"
      },
      {
        "category": "external",
        "summary": "1741864",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864"
      },
      {
        "category": "external",
        "summary": "1741868",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868"
      },
      {
        "category": "external",
        "summary": "JBCS-798",
        "url": "https://issues.redhat.com/browse/JBCS-798"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2019/rhsa-2019_3935.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release",
    "tracking": {
      "current_release_date": "2024-09-13T22:01:12+00:00",
      "generator": {
        "date": "2024-09-13T22:01:12+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2019:3935",
      "initial_release_date": "2019-11-20T16:08:18+00:00",
      "revision_history": [
        {
          "date": "2019-11-20T16:08:18+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-01-06T13:01:52+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-13T22:01:12+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Core Services 1",
                "product": {
                  "name": "Red Hat JBoss Core Services 1",
                  "product_id": "Red Hat JBoss Core Services 1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_core_services:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Core Services"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-0734",
      "cwe": {
        "id": "CWE-385",
        "name": "Covert Timing Channel"
      },
      "discovery_date": "2018-10-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1644364"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: timing side channel attack in the DSA signature algorithm",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Core Services 1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-0734"
        },
        {
          "category": "external",
          "summary": "RHBZ#1644364",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644364"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-0734",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734"
        }
      ],
      "release_date": "2018-10-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Core Services 1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3935"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss Core Services 1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "openssl: timing side channel attack in the DSA signature algorithm"
    },
    {
      "cve": "CVE-2018-0737",
      "cwe": {
        "id": "CWE-385",
        "name": "Covert Timing Channel"
      },
      "discovery_date": "2018-04-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1568253"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Core Services 1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-0737"
        },
        {
          "category": "external",
          "summary": "RHBZ#1568253",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568253"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-0737",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0737",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0737"
        },
        {
          "category": "external",
          "summary": "http://www.openwall.com/lists/oss-security/2018/04/16/3",
          "url": "http://www.openwall.com/lists/oss-security/2018/04/16/3"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv/20180416.txt",
          "url": "https://www.openssl.org/news/secadv/20180416.txt"
        }
      ],
      "release_date": "2018-04-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Core Services 1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3935"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss Core Services 1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Alejandro Cabrera Aldaya"
          ],
          "organization": "Universidad Tecnologica de la Habana CUJAE; Cuba"
        },
        {
          "names": [
            "Billy Bob Brumley",
            "Cesar Pereida Garcia",
            "Sohaib ul Hassan"
          ]
        },
        {
          "names": [
            "Nicola Tuveri"
          ],
          "organization": "Tampere University of Technology; Finland"
        }
      ],
      "cve": "CVE-2018-5407",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2018-11-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1645695"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Core Services 1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-5407"
        },
        {
          "category": "external",
          "summary": "RHBZ#1645695",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407"
        },
        {
          "category": "external",
          "summary": "https://github.com/bbbrumley/portsmash",
          "url": "https://github.com/bbbrumley/portsmash"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv/20181112.txt",
          "url": "https://www.openssl.org/news/secadv/20181112.txt"
        }
      ],
      "release_date": "2018-10-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Core Services 1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3935"
        },
        {
          "category": "workaround",
          "details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue.  Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.",
          "product_ids": [
            "Red Hat JBoss Core Services 1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss Core Services 1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)"
    },
    {
      "cve": "CVE-2018-17189",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2019-01-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1668497"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_http2: DoS via slow, unneeded request bodies",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Core Services 1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-17189"
        },
        {
          "category": "external",
          "summary": "RHBZ#1668497",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-17189",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-17189"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189"
        }
      ],
      "release_date": "2019-01-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Core Services 1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3935"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss Core Services 1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "httpd: mod_http2: DoS via slow, unneeded request bodies"
    },
    {
      "cve": "CVE-2018-17199",
      "cwe": {
        "id": "CWE-613",
        "name": "Insufficient Session Expiration"
      },
      "discovery_date": "2019-01-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1668493"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_session_cookie does not respect expiry time",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Core Services 1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-17199"
        },
        {
          "category": "external",
          "summary": "RHBZ#1668493",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668493"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-17199",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-17199"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17199",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17199"
        }
      ],
      "release_date": "2019-01-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Core Services 1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3935"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss Core Services 1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd: mod_session_cookie does not respect expiry time"
    },
    {
      "cve": "CVE-2019-0196",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2019-04-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1695030"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_http2: read-after-free on a string compare",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Core Services 1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-0196"
        },
        {
          "category": "external",
          "summary": "RHBZ#1695030",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0196",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-0196"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0196",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0196"
        },
        {
          "category": "external",
          "summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
          "url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
        },
        {
          "category": "external",
          "summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "release_date": "2019-04-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Core Services 1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3935"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss Core Services 1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "httpd: mod_http2: read-after-free on a string compare"
    },
    {
      "cve": "CVE-2019-0197",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2019-04-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1695042"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set \"H2Upgrade on\" are unaffected by this issue.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_http2: possible crash on late upgrade",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Core Services 1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-0197"
        },
        {
          "category": "external",
          "summary": "RHBZ#1695042",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0197",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-0197"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0197",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0197"
        },
        {
          "category": "external",
          "summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
          "url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
        },
        {
          "category": "external",
          "summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "release_date": "2019-02-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Core Services 1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3935"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss Core Services 1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "httpd: mod_http2: possible crash on late upgrade"
    },
    {
      "cve": "CVE-2019-0217",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2019-04-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1695020"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_auth_digest: access control bypass due to race condition",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Based on the the fact that digest authentication is rarely used in modern day web applications and httpd package shipped with Red Hat products do not ship threaded MPM configuration by default, this flaw has been rated as having Moderate level security impact. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This flaw has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Core Services 1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-0217"
        },
        {
          "category": "external",
          "summary": "RHBZ#1695020",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695020"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0217",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-0217"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0217",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0217"
        },
        {
          "category": "external",
          "summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
          "url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
        },
        {
          "category": "external",
          "summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "release_date": "2019-04-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Core Services 1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3935"
        },
        {
          "category": "workaround",
          "details": "This flaw only affects a threaded server configuration, so using the prefork MPM is an effective mitigation.  In versions of httpd package shipped with Red Hat Enterprise Linux 7, the prefork MPM is the default configuration.",
          "product_ids": [
            "Red Hat JBoss Core Services 1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss Core Services 1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd: mod_auth_digest: access control bypass due to race condition"
    },
    {
      "cve": "CVE-2019-9511",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2019-08-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1741860"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a denial of service. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "HTTP/2: large amount of data requests leads to denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "There are no mitigations available for nghttp2 and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Core Services 1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-9511"
        },
        {
          "category": "external",
          "summary": "RHBZ#1741860",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-9511"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511"
        },
        {
          "category": "external",
          "summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
          "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
        },
        {
          "category": "external",
          "summary": "https://kb.cert.org/vuls/id/605641/",
          "url": "https://kb.cert.org/vuls/id/605641/"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
          "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
        },
        {
          "category": "external",
          "summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/",
          "url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
        }
      ],
      "release_date": "2019-08-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Core Services 1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3935"
        },
        {
          "category": "workaround",
          "details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3",
          "product_ids": [
            "Red Hat JBoss Core Services 1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss Core Services 1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "HTTP/2: large amount of data requests leads to denial of service"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "the Envoy security team"
          ]
        }
      ],
      "cve": "CVE-2019-9513",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2019-08-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1735741"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw has no available mitigation for packages nghttp2 and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Core Services 1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-9513"
        },
        {
          "category": "external",
          "summary": "RHBZ#1735741",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9513",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-9513"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513"
        },
        {
          "category": "external",
          "summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
          "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
        },
        {
          "category": "external",
          "summary": "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/",
          "url": "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
          "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
        },
        {
          "category": "external",
          "summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/",
          "url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
        }
      ],
      "release_date": "2019-08-13T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Core Services 1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3935"
        },
        {
          "category": "workaround",
          "details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3",
          "product_ids": [
            "Red Hat JBoss Core Services 1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss Core Services 1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption"
    },
    {
      "cve": "CVE-2019-9516",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2019-08-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1741864"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in HTTP/2. An attacker, sending a stream of header with a 0-length header name and a 0-length header value, could cause some implementations to allocate memory for these headers and keep the allocations alive until the session dies. The can consume excess memory, potentially leading to a denial of service. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "HTTP/2: 0-length headers lead to denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Core Services 1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-9516"
        },
        {
          "category": "external",
          "summary": "RHBZ#1741864",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9516",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-9516"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516"
        },
        {
          "category": "external",
          "summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
          "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
        },
        {
          "category": "external",
          "summary": "https://github.com/nghttp2/nghttp2/issues/1382#",
          "url": "https://github.com/nghttp2/nghttp2/issues/1382#"
        },
        {
          "category": "external",
          "summary": "https://kb.cert.org/vuls/id/605641/",
          "url": "https://kb.cert.org/vuls/id/605641/"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
          "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
        },
        {
          "category": "external",
          "summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/",
          "url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
        }
      ],
      "release_date": "2019-08-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Core Services 1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3935"
        },
        {
          "category": "workaround",
          "details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3",
          "product_ids": [
            "Red Hat JBoss Core Services 1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss Core Services 1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "HTTP/2: 0-length headers lead to denial of service"
    },
    {
      "cve": "CVE-2019-9517",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2019-08-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1741868"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in HTTP/2. An attacker can open a HTTP/2 window so the peer can send without constraint. The TCP window remains closed so the peer cannot write the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the server\u0027s queue is setup, the responses can consume excess memory, CPU, or both, potentially leading to a denial of service. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "HTTP/2: request for large response leads to denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The package httpd versions as shipped with Red Hat Enterprise Linux 5, 6 and 7 are not affected by this issue as HTTP/2 support is not provided.\nThis flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Core Services 1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-9517"
        },
        {
          "category": "external",
          "summary": "RHBZ#1741868",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9517",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-9517"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517"
        },
        {
          "category": "external",
          "summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
          "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
        },
        {
          "category": "external",
          "summary": "https://kb.cert.org/vuls/id/605641/",
          "url": "https://kb.cert.org/vuls/id/605641/"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
          "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
        }
      ],
      "release_date": "2019-08-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Core Services 1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3935"
        },
        {
          "category": "workaround",
          "details": "The httpd version shipped with Red Hat Enterprise Linux 8 provides HTTP/2 support through mod_http2 package. While mod_http2 package is not updated, users can disable HTTP/2 support as mitigation action by executing the following steps:\n\n1. Stop httpd service:\n$ systemctl stop httpd\n\n2. Remove http/2 protocol support from configuration files:\n$ sed -i \u0027s/\\(h2\\)\\|\\(h2c\\)//g\u0027 \u003chttpd_config_file\u003e\n\n3. Validate configuration files to make sure all syntax is valid:\n$ apachectl configtest\n\n4. Restart httpd service:\n$ systemctl start httpd",
          "product_ids": [
            "Red Hat JBoss Core Services 1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss Core Services 1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "HTTP/2: request for large response leads to denial of service"
    }
  ]
}

rhsa-2019_3929

Vulnerability from csaf_redhat

Published

2019-11-20 16:08

Modified

2024-09-16 02:40

Summary

Red Hat Security Advisory: Red Hat JBoss Web Server 5.2 security release

Notes

Topic

Updated Red Hat JBoss Web Server 5.2.0 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.2 serves as a replacement for Red Hat JBoss Web Server 5.1, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Security Fix(es): * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * openssl: 0-byte record padding oracle (CVE-2019-1559) * tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199 (CVE-2019-10072) * tomcat: XSS in SSI printenv (CVE-2019-0221) * tomcat: Apache Tomcat HTTP/2 DoS (CVE-2019-0199) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated Red Hat JBoss Web Server 5.2.0 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.2 serves as a replacement for Red Hat JBoss Web Server 5.1, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References.\n\nSecurity Fix(es):\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)\n\n* openssl: 0-byte record padding oracle (CVE-2019-1559)\n\n* tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199 (CVE-2019-10072)\n\n* tomcat: XSS in SSI printenv (CVE-2019-0221)\n\n* tomcat: Apache Tomcat HTTP/2 DoS (CVE-2019-0199)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2019:3929",
        "url": "https://access.redhat.com/errata/RHSA-2019:3929"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/5.2/",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/5.2/"
      },
      {
        "category": "external",
        "summary": "1645695",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
      },
      {
        "category": "external",
        "summary": "1683804",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
      },
      {
        "category": "external",
        "summary": "1693325",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693325"
      },
      {
        "category": "external",
        "summary": "1713275",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713275"
      },
      {
        "category": "external",
        "summary": "1723708",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1723708"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2019/rhsa-2019_3929.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Web Server 5.2 security release",
    "tracking": {
      "current_release_date": "2024-09-16T02:40:13+00:00",
      "generator": {
        "date": "2024-09-16T02:40:13+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2019:3929",
      "initial_release_date": "2019-11-20T16:08:26+00:00",
      "revision_history": [
        {
          "date": "2019-11-20T16:08:26+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2019-12-02T16:26:41+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-16T02:40:13+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
                "product": {
                  "name": "Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
                  "product_id": "7Server-JWS-5.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
                "product": {
                  "name": "Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
                  "product_id": "6Server-JWS-5.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss Web Server 5.2 for RHEL 8",
                "product": {
                  "name": "Red Hat JBoss Web Server 5.2 for RHEL 8",
                  "product_id": "8Base-JWS-5.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Web Server"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
                "product": {
                  "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
                  "product_id": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-jboss-logging@3.3.2-1.Final_redhat_00001.1.el7jws?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
                "product": {
                  "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
                  "product_id": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-javapackages-tools@3.4.1-5.15.11.el7jws?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
                "product": {
                  "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
                  "product_id": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-mod_cluster@1.4.1-1.Final_redhat_00001.2.el7jws?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
                "product": {
                  "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
                  "product_id": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-ecj@4.12.0-1.redhat_1.1.el7jws?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
                "product": {
                  "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
                  "product_id": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-1.Final_redhat_1.1.el7jws?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
                "product": {
                  "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
                  "product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el7jws?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
                "product": {
                  "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
                  "product_id": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat@9.0.21-10.redhat_4.1.el7jws?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
                "product": {
                  "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
                  "product_id": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-jboss-logging@3.3.2-1.Final_redhat_00001.1.el6jws?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
                "product": {
                  "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
                  "product_id": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-javapackages-tools@3.4.1-5.15.11.el6jws?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
                "product": {
                  "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
                  "product_id": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-mod_cluster@1.4.1-1.Final_redhat_00001.2.el6jws?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
                "product": {
                  "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
                  "product_id": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-ecj@4.12.0-1.redhat_1.1.el6jws?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
                "product": {
                  "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
                  "product_id": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-1.Final_redhat_1.1.el6jws?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
                "product": {
                  "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
                  "product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el6jws?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
                "product": {
                  "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
                  "product_id": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat@9.0.21-10.redhat_4.1.el6jws?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
                "product": {
                  "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
                  "product_id": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-jboss-logging@3.3.2-1.Final_redhat_00001.1.el8jws?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
                "product": {
                  "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
                  "product_id": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-javapackages-tools@3.4.1-5.15.11.el8jws?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
                "product": {
                  "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
                  "product_id": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-mod_cluster@1.4.1-1.Final_redhat_00001.2.el8jws?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
                "product": {
                  "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
                  "product_id": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-ecj@4.12.0-1.redhat_1.1.el8jws?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
                "product": {
                  "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
                  "product_id": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-1.Final_redhat_1.1.el8jws?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
                "product": {
                  "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
                  "product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el8jws?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
                "product": {
                  "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
                  "product_id": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat@9.0.21-10.redhat_4.1.el8jws?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
                "product": {
                  "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
                  "product_id": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-jboss-logging@3.3.2-1.Final_redhat_00001.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
                "product": {
                  "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
                  "product_id": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-javapackages-tools@3.4.1-5.15.11.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
                "product": {
                  "name": "jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
                  "product_id": "jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-python-javapackages@3.4.1-5.15.11.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
                "product": {
                  "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
                  "product_id": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-mod_cluster@1.4.1-1.Final_redhat_00001.2.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
                "product": {
                  "name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
                  "product_id": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-mod_cluster-tomcat@1.4.1-1.Final_redhat_00001.2.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
                "product": {
                  "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
                  "product_id": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-ecj@4.12.0-1.redhat_1.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
                "product": {
                  "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
                  "product_id": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-1.Final_redhat_1.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
                "product": {
                  "name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
                  "product_id": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-vault-javadoc@1.1.8-1.Final_redhat_1.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
                "product": {
                  "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
                  "product_id": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
                "product": {
                  "name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
                  "product_id": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
                "product": {
                  "name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
                  "product_id": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
                "product": {
                  "name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
                  "product_id": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
                "product": {
                  "name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
                  "product_id": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
                "product": {
                  "name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
                  "product_id": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
                "product": {
                  "name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
                  "product_id": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-lib@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
                "product": {
                  "name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
                  "product_id": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
                "product": {
                  "name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
                  "product_id": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
                "product": {
                  "name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
                  "product_id": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.21-10.redhat_4.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
                "product": {
                  "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
                  "product_id": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-jboss-logging@3.3.2-1.Final_redhat_00001.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
                "product": {
                  "name": "jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
                  "product_id": "jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-python-javapackages@3.4.1-5.15.11.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
                "product": {
                  "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
                  "product_id": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-javapackages-tools@3.4.1-5.15.11.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
                "product": {
                  "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
                  "product_id": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-mod_cluster@1.4.1-1.Final_redhat_00001.2.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
                "product": {
                  "name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
                  "product_id": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-mod_cluster-tomcat@1.4.1-1.Final_redhat_00001.2.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
                "product": {
                  "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
                  "product_id": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-ecj@4.12.0-1.redhat_1.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
                "product": {
                  "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
                  "product_id": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-1.Final_redhat_1.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
                "product": {
                  "name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
                  "product_id": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-vault-javadoc@1.1.8-1.Final_redhat_1.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
                "product": {
                  "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
                  "product_id": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
                "product": {
                  "name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
                  "product_id": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
                "product": {
                  "name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
                  "product_id": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
                "product": {
                  "name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
                  "product_id": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
                "product": {
                  "name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
                  "product_id": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
                "product": {
                  "name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
                  "product_id": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
                "product": {
                  "name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
                  "product_id": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-lib@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
                "product": {
                  "name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
                  "product_id": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
                "product": {
                  "name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
                  "product_id": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
                "product": {
                  "name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
                  "product_id": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.21-10.redhat_4.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
                "product": {
                  "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
                  "product_id": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-jboss-logging@3.3.2-1.Final_redhat_00001.1.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
                "product": {
                  "name": "jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
                  "product_id": "jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-python-javapackages@3.4.1-5.15.11.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
                "product": {
                  "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
                  "product_id": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-javapackages-tools@3.4.1-5.15.11.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
                "product": {
                  "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
                  "product_id": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-mod_cluster@1.4.1-1.Final_redhat_00001.2.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
                "product": {
                  "name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
                  "product_id": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-mod_cluster-tomcat@1.4.1-1.Final_redhat_00001.2.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
                "product": {
                  "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
                  "product_id": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-ecj@4.12.0-1.redhat_1.1.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
                "product": {
                  "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
                  "product_id": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-1.Final_redhat_1.1.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
                "product": {
                  "name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
                  "product_id": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-vault-javadoc@1.1.8-1.Final_redhat_1.1.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
                "product": {
                  "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
                  "product_id": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
                "product": {
                  "name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
                  "product_id": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
                "product": {
                  "name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
                  "product_id": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
                "product": {
                  "name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
                  "product_id": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
                "product": {
                  "name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
                  "product_id": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
                "product": {
                  "name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
                  "product_id": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
                "product": {
                  "name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
                  "product_id": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-lib@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
                "product": {
                  "name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
                  "product_id": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
                "product": {
                  "name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
                  "product_id": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
                "product": {
                  "name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
                  "product_id": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.21-10.redhat_4.1.el8jws?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
                "product": {
                  "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
                  "product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el7jws?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
                "product": {
                  "name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
                  "product_id": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.21-34.redhat_34.el7jws?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
                "product": {
                  "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
                  "product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el6jws?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
                "product": {
                  "name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
                  "product_id": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.21-34.redhat_34.el6jws?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
                "product": {
                  "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
                  "product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el8jws?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
                "product": {
                  "name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
                  "product_id": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.21-34.redhat_34.el8jws?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
                "product": {
                  "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
                  "product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el6jws?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
                "product": {
                  "name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
                  "product_id": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.21-34.redhat_34.el6jws?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch"
        },
        "product_reference": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src"
        },
        "product_reference": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
        "relates_to_product_reference": "6Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch"
        },
        "product_reference": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src"
        },
        "product_reference": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
        "relates_to_product_reference": "6Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch"
        },
        "product_reference": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src"
        },
        "product_reference": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
        "relates_to_product_reference": "6Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch"
        },
        "product_reference": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src"
        },
        "product_reference": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
        "relates_to_product_reference": "6Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch"
        },
        "product_reference": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch"
        },
        "product_reference": "jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch"
        },
        "product_reference": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src"
        },
        "product_reference": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
        "relates_to_product_reference": "6Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch"
        },
        "product_reference": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch"
        },
        "product_reference": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch"
        },
        "product_reference": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch"
        },
        "product_reference": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch"
        },
        "product_reference": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch"
        },
        "product_reference": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686 as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686"
        },
        "product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
        "relates_to_product_reference": "6Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src"
        },
        "product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
        "relates_to_product_reference": "6Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64 as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64"
        },
        "product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
        "relates_to_product_reference": "6Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686 as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686"
        },
        "product_reference": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
        "relates_to_product_reference": "6Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64 as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64"
        },
        "product_reference": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
        "relates_to_product_reference": "6Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch"
        },
        "product_reference": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch"
        },
        "product_reference": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch"
        },
        "product_reference": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src"
        },
        "product_reference": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
        "relates_to_product_reference": "6Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch"
        },
        "product_reference": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch"
        },
        "product_reference": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch"
        },
        "product_reference": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src"
        },
        "product_reference": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
        "relates_to_product_reference": "7Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch"
        },
        "product_reference": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src"
        },
        "product_reference": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
        "relates_to_product_reference": "7Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch"
        },
        "product_reference": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src"
        },
        "product_reference": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
        "relates_to_product_reference": "7Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch"
        },
        "product_reference": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src"
        },
        "product_reference": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
        "relates_to_product_reference": "7Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch"
        },
        "product_reference": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch"
        },
        "product_reference": "jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch"
        },
        "product_reference": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src"
        },
        "product_reference": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
        "relates_to_product_reference": "7Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch"
        },
        "product_reference": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch"
        },
        "product_reference": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch"
        },
        "product_reference": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch"
        },
        "product_reference": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch"
        },
        "product_reference": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch"
        },
        "product_reference": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src"
        },
        "product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
        "relates_to_product_reference": "7Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64 as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64"
        },
        "product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
        "relates_to_product_reference": "7Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64 as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64"
        },
        "product_reference": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
        "relates_to_product_reference": "7Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch"
        },
        "product_reference": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch"
        },
        "product_reference": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch"
        },
        "product_reference": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src"
        },
        "product_reference": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
        "relates_to_product_reference": "7Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch"
        },
        "product_reference": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch"
        },
        "product_reference": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
          "product_id": "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch"
        },
        "product_reference": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
          "product_id": "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src"
        },
        "product_reference": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
        "relates_to_product_reference": "8Base-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
          "product_id": "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch"
        },
        "product_reference": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
          "product_id": "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src"
        },
        "product_reference": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
        "relates_to_product_reference": "8Base-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
          "product_id": "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch"
        },
        "product_reference": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
          "product_id": "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src"
        },
        "product_reference": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
        "relates_to_product_reference": "8Base-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
          "product_id": "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch"
        },
        "product_reference": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
          "product_id": "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src"
        },
        "product_reference": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
        "relates_to_product_reference": "8Base-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
          "product_id": "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch"
        },
        "product_reference": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
          "product_id": "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch"
        },
        "product_reference": "jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
          "product_id": "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch"
        },
        "product_reference": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
          "product_id": "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src"
        },
        "product_reference": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
        "relates_to_product_reference": "8Base-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
          "product_id": "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
        },
        "product_reference": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
          "product_id": "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch"
        },
        "product_reference": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
          "product_id": "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch"
        },
        "product_reference": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
          "product_id": "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch"
        },
        "product_reference": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
          "product_id": "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch"
        },
        "product_reference": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
          "product_id": "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch"
        },
        "product_reference": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
          "product_id": "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src"
        },
        "product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
        "relates_to_product_reference": "8Base-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64 as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
          "product_id": "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64"
        },
        "product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
        "relates_to_product_reference": "8Base-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64 as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
          "product_id": "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64"
        },
        "product_reference": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
        "relates_to_product_reference": "8Base-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
          "product_id": "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch"
        },
        "product_reference": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
          "product_id": "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch"
        },
        "product_reference": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
          "product_id": "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch"
        },
        "product_reference": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
          "product_id": "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src"
        },
        "product_reference": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
        "relates_to_product_reference": "8Base-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
          "product_id": "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch"
        },
        "product_reference": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8",
          "product_id": "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
        },
        "product_reference": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Alejandro Cabrera Aldaya"
          ],
          "organization": "Universidad Tecnologica de la Habana CUJAE; Cuba"
        },
        {
          "names": [
            "Billy Bob Brumley",
            "Cesar Pereida Garcia",
            "Sohaib ul Hassan"
          ]
        },
        {
          "names": [
            "Nicola Tuveri"
          ],
          "organization": "Tampere University of Technology; Finland"
        }
      ],
      "cve": "CVE-2018-5407",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2018-11-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1645695"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
          "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
          "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
          "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
          "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
          "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
          "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
          "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
          "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
          "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
          "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
          "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
          "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
          "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
          "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
          "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
          "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
          "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
          "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
          "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
          "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
          "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
          "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
          "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
          "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
          "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
          "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
          "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
          "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
          "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
          "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
          "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
          "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
          "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
          "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
          "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
          "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
          "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
          "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-5407"
        },
        {
          "category": "external",
          "summary": "RHBZ#1645695",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407"
        },
        {
          "category": "external",
          "summary": "https://github.com/bbbrumley/portsmash",
          "url": "https://github.com/bbbrumley/portsmash"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv/20181112.txt",
          "url": "https://www.openssl.org/news/secadv/20181112.txt"
        }
      ],
      "release_date": "2018-10-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
            "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
            "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
            "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
            "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
            "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
            "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
            "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
            "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
            "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
            "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
            "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
            "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
            "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
            "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
            "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
            "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
            "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
            "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
            "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
            "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
            "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
            "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
            "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
            "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
            "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
            "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
            "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
            "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3929"
        },
        {
          "category": "workaround",
          "details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue.  Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.",
          "product_ids": [
            "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
            "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
            "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
            "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
            "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
            "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
            "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
            "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
            "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
            "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
            "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
            "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
            "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
            "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
            "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
            "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
            "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
            "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
            "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
            "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
            "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
            "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
            "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
            "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
            "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
            "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
            "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
            "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
            "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
            "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
            "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
            "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
            "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
            "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
            "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
            "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
            "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
            "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
            "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
            "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
            "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
            "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
            "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
            "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
            "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
            "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
            "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
            "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
            "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
            "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
            "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
            "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
            "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
            "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
            "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
            "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
            "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)"
    },
    {
      "cve": "CVE-2019-0199",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2019-03-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1693325"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Tomcat, where the HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open, which enables them to cause server-side threads to block. This flaw eventually leads to a denial of service attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Apache Tomcat HTTP/2 DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "pki-servlet-container does not use HTTP/2 in its default configuration.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
          "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
          "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
          "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
          "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
          "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
          "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
          "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
          "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
          "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
          "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
          "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
          "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
          "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
          "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
          "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
          "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
          "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
          "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
          "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
          "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
          "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
          "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
          "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
          "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
          "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
          "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
          "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
          "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
          "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
          "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
          "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
          "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
          "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
          "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
          "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
          "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
          "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
          "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-0199"
        },
        {
          "category": "external",
          "summary": "RHBZ#1693325",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693325"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0199",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-0199"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0199",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0199"
        }
      ],
      "release_date": "2019-03-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
            "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
            "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
            "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
            "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
            "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
            "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
            "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
            "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
            "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
            "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
            "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
            "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
            "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
            "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
            "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
            "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
            "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
            "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
            "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
            "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
            "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
            "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
            "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
            "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
            "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
            "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
            "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
            "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3929"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
            "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
            "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
            "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
            "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
            "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
            "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
            "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
            "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
            "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
            "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
            "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
            "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
            "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
            "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
            "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
            "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
            "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
            "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
            "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
            "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
            "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
            "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
            "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
            "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
            "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
            "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
            "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
            "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat: Apache Tomcat HTTP/2 DoS"
    },
    {
      "cve": "CVE-2019-0221",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2019-05-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1713275"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: XSS in SSI printenv",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
          "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
          "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
          "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
          "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
          "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
          "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
          "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
          "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
          "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
          "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
          "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
          "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
          "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
          "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
          "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
          "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
          "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
          "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
          "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
          "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
          "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
          "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
          "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
          "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
          "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
          "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
          "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
          "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
          "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
          "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
          "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
          "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
          "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
          "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
          "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
          "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
          "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
          "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-0221"
        },
        {
          "category": "external",
          "summary": "RHBZ#1713275",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713275"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0221",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-0221"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0221",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0221"
        }
      ],
      "release_date": "2019-04-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
            "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
            "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
            "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
            "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
            "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
            "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
            "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
            "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
            "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
            "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
            "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
            "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
            "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
            "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
            "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
            "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
            "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
            "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
            "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
            "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
            "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
            "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
            "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
            "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
            "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
            "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
            "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
            "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3929"
        },
        {
          "category": "workaround",
          "details": "SSI is disabled in the default Tomcat configuration. The vulnerable printenv command is intended for debugging, and is recommended to not be enabled for a production website.",
          "product_ids": [
            "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
            "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
            "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
            "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
            "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
            "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
            "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
            "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
            "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
            "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
            "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
            "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
            "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
            "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
            "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
            "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
            "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
            "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
            "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
            "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
            "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
            "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
            "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
            "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
            "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
            "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
            "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
            "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
            "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
            "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
            "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
            "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
            "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
            "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
            "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
            "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
            "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
            "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
            "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
            "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
            "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
            "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
            "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
            "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
            "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
            "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
            "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
            "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
            "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
            "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
            "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
            "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
            "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
            "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
            "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
            "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
            "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: XSS in SSI printenv"
    },
    {
      "cve": "CVE-2019-0232",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2019-04-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1701056"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was discovered in Apache Tomcat, where a Java Runtime Environment can pass a command-line argument in the Windows operating system. The execution of arbitrary commands via Tomcat\u2019s Common Gateway Interface (CGI) Servlet, allows an attacker to perform remote code execution.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Remote Code Execution on Windows",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is specific to the Windows platform\u0027s treatment of file names and how they must be quoted.  Tomcat running on Linux hosts is not affected.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
          "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
          "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
          "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
          "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
          "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
          "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
          "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
          "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
          "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
          "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
          "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
          "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
          "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
          "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
          "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
          "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
          "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
          "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
          "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
          "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
          "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
          "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
          "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
          "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
          "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
          "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
          "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
          "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
          "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
          "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
          "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
          "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
          "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
          "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
          "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
          "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
          "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
          "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-0232"
        },
        {
          "category": "external",
          "summary": "RHBZ#1701056",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701056"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0232",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-0232"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0232",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0232"
        }
      ],
      "release_date": "2019-04-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
            "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
            "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
            "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
            "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
            "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
            "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
            "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
            "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
            "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
            "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
            "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
            "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
            "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
            "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
            "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
            "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
            "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
            "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
            "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
            "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
            "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
            "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
            "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
            "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
            "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
            "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
            "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
            "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3929"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
            "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
            "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
            "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
            "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
            "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
            "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
            "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
            "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
            "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
            "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
            "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
            "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
            "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
            "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
            "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
            "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
            "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
            "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
            "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
            "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
            "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
            "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
            "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
            "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
            "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
            "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
            "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
            "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat: Remote Code Execution on Windows"
    },
    {
      "cve": "CVE-2019-1559",
      "cwe": {
        "id": "CWE-325",
        "name": "Missing Cryptographic Step"
      },
      "discovery_date": "2019-02-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1683804"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: 0-byte record padding oracle",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "1 For this issue to be exploitable, the (server) application using the OpenSSL library needs to use it incorrectly.\n2. There are multiple other requirements for the attack to succeed: \n    - The ciphersuite used must be obsolete CBC cipher without a stitched implementation (or the system be in FIPS mode)\n    - the attacker has to be a MITM\n    - the attacker has to be able to control the client side to send requests to the buggy server on demand",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
          "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
          "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
          "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
          "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
          "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
          "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
          "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
          "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
          "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
          "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
          "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
          "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
          "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
          "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
          "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
          "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
          "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
          "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
          "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
          "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
          "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
          "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
          "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
          "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
          "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
          "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
          "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
          "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
          "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
          "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
          "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
          "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
          "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
          "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
          "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
          "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
          "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
          "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-1559"
        },
        {
          "category": "external",
          "summary": "RHBZ#1683804",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-1559",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559"
        },
        {
          "category": "external",
          "summary": "https://github.com/RUB-NDS/TLS-Padding-Oracles",
          "url": "https://github.com/RUB-NDS/TLS-Padding-Oracles"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv/20190226.txt",
          "url": "https://www.openssl.org/news/secadv/20190226.txt"
        }
      ],
      "release_date": "2019-02-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
            "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
            "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
            "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
            "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
            "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
            "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
            "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
            "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
            "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
            "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
            "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
            "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
            "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
            "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
            "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
            "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
            "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
            "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
            "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
            "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
            "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
            "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
            "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
            "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
            "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
            "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
            "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
            "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3929"
        },
        {
          "category": "workaround",
          "details": "As a workaround you can disable SHA384 if applications (compiled with OpenSSL) allow for adjustment of the ciphersuite string configuration.",
          "product_ids": [
            "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
            "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
            "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
            "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
            "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
            "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
            "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
            "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
            "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
            "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
            "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
            "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
            "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
            "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
            "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
            "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
            "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
            "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
            "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
            "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
            "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
            "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
            "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
            "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
            "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
            "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
            "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
            "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
            "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
            "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
            "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
            "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
            "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
            "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
            "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
            "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
            "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
            "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
            "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
            "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
            "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
            "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
            "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
            "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
            "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
            "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
            "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
            "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
            "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
            "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
            "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
            "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
            "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
            "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
            "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
            "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
            "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssl: 0-byte record padding oracle"
    },
    {
      "cve": "CVE-2019-10072",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2019-06-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1723708"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
          "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
          "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
          "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
          "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
          "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
          "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
          "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
          "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
          "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
          "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
          "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
          "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
          "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
          "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
          "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
          "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
          "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
          "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
          "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
          "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
          "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
          "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
          "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
          "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
          "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
          "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
          "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
          "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
          "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
          "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
          "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
          "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
          "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
          "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
          "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
          "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
          "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
          "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
          "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
          "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
          "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
          "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
          "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-10072"
        },
        {
          "category": "external",
          "summary": "RHBZ#1723708",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1723708"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-10072",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-10072"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10072",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10072"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.41",
          "url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.41"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.20",
          "url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.20"
        }
      ],
      "release_date": "2019-06-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
            "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
            "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
            "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
            "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
            "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
            "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
            "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
            "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
            "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
            "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
            "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
            "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
            "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
            "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
            "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
            "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
            "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
            "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
            "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
            "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
            "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
            "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
            "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
            "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
            "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
            "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
            "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
            "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3929"
        },
        {
          "category": "workaround",
          "details": "pki-servlet-container does not use HTTP/2 in its default configuration.",
          "product_ids": [
            "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
            "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
            "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
            "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
            "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
            "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
            "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
            "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
            "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
            "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
            "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
            "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
            "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
            "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
            "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
            "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
            "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
            "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
            "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
            "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
            "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
            "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
            "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
            "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
            "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
            "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
            "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
            "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
            "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src",
            "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch",
            "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src",
            "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src",
            "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
            "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src",
            "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch",
            "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64",
            "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686",
            "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64",
            "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src",
            "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch",
            "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src",
            "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch",
            "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src",
            "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src",
            "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
            "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src",
            "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch",
            "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64",
            "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64",
            "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src",
            "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch",
            "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src",
            "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch",
            "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src",
            "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src",
            "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
            "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src",
            "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch",
            "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64",
            "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64",
            "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src",
            "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch",
            "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199"
    }
  ]
}

rhsa-2019_3931

Vulnerability from csaf_redhat

Published

2019-11-20 16:04

Modified

2024-09-16 02:40

Summary

Red Hat Security Advisory: Red Hat JBoss Web Server 5.2 security release

Notes

Topic

Red Hat JBoss Web Server 5.2.0 zip release for RHEL 6, RHEL 7, RHEL 8 and Microsoft Windows is available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Refer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release. Security Fix(es): * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * tomcat: XSS in SSI printenv (CVE-2019-0221) * openssl: 0-byte record padding oracle (CVE-2019-1559) * tomcat: HTTP/2 implementation leads to denial of service (CVE-2019-10072) * tomcat: Apache Tomcat HTTP/2 DoS (CVE-2019-0199) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat JBoss Web Server 5.2.0 zip release for RHEL 6, RHEL 7, RHEL 8 and Microsoft Windows is available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n \nRefer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release.\n\nSecurity Fix(es):\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) \n* tomcat: XSS in SSI printenv (CVE-2019-0221) \n* openssl: 0-byte record padding oracle (CVE-2019-1559) \n* tomcat: HTTP/2 implementation leads to denial of service (CVE-2019-10072)\n* tomcat: Apache Tomcat HTTP/2 DoS (CVE-2019-0199)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2019:3931",
        "url": "https://access.redhat.com/errata/RHSA-2019:3931"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1645695",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
      },
      {
        "category": "external",
        "summary": "1683804",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
      },
      {
        "category": "external",
        "summary": "1693325",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693325"
      },
      {
        "category": "external",
        "summary": "1713275",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713275"
      },
      {
        "category": "external",
        "summary": "1723708",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1723708"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2019/rhsa-2019_3931.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Web Server 5.2 security release",
    "tracking": {
      "current_release_date": "2024-09-16T02:40:19+00:00",
      "generator": {
        "date": "2024-09-16T02:40:19+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2019:3931",
      "initial_release_date": "2019-11-20T16:04:24+00:00",
      "revision_history": [
        {
          "date": "2019-11-20T16:04:24+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2019-12-02T16:22:21+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-16T02:40:19+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Web Server 5",
                "product": {
                  "name": "Red Hat JBoss Web Server 5",
                  "product_id": "Red Hat JBoss Web Server 5",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Web Server"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Alejandro Cabrera Aldaya"
          ],
          "organization": "Universidad Tecnologica de la Habana CUJAE; Cuba"
        },
        {
          "names": [
            "Billy Bob Brumley",
            "Cesar Pereida Garcia",
            "Sohaib ul Hassan"
          ]
        },
        {
          "names": [
            "Nicola Tuveri"
          ],
          "organization": "Tampere University of Technology; Finland"
        }
      ],
      "cve": "CVE-2018-5407",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2018-11-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1645695"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Web Server 5"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-5407"
        },
        {
          "category": "external",
          "summary": "RHBZ#1645695",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407"
        },
        {
          "category": "external",
          "summary": "https://github.com/bbbrumley/portsmash",
          "url": "https://github.com/bbbrumley/portsmash"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv/20181112.txt",
          "url": "https://www.openssl.org/news/secadv/20181112.txt"
        }
      ],
      "release_date": "2018-10-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Web Server 5"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3931"
        },
        {
          "category": "workaround",
          "details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue.  Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.",
          "product_ids": [
            "Red Hat JBoss Web Server 5"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss Web Server 5"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)"
    },
    {
      "cve": "CVE-2019-0199",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2019-03-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1693325"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Tomcat, where the HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open, which enables them to cause server-side threads to block. This flaw eventually leads to a denial of service attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Apache Tomcat HTTP/2 DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "pki-servlet-container does not use HTTP/2 in its default configuration.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Web Server 5"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-0199"
        },
        {
          "category": "external",
          "summary": "RHBZ#1693325",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693325"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0199",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-0199"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0199",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0199"
        }
      ],
      "release_date": "2019-03-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Web Server 5"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3931"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss Web Server 5"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat: Apache Tomcat HTTP/2 DoS"
    },
    {
      "cve": "CVE-2019-0221",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2019-05-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1713275"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: XSS in SSI printenv",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Web Server 5"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-0221"
        },
        {
          "category": "external",
          "summary": "RHBZ#1713275",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713275"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0221",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-0221"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0221",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0221"
        }
      ],
      "release_date": "2019-04-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Web Server 5"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3931"
        },
        {
          "category": "workaround",
          "details": "SSI is disabled in the default Tomcat configuration. The vulnerable printenv command is intended for debugging, and is recommended to not be enabled for a production website.",
          "product_ids": [
            "Red Hat JBoss Web Server 5"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss Web Server 5"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: XSS in SSI printenv"
    },
    {
      "cve": "CVE-2019-1559",
      "cwe": {
        "id": "CWE-325",
        "name": "Missing Cryptographic Step"
      },
      "discovery_date": "2019-02-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1683804"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: 0-byte record padding oracle",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "1 For this issue to be exploitable, the (server) application using the OpenSSL library needs to use it incorrectly.\n2. There are multiple other requirements for the attack to succeed: \n    - The ciphersuite used must be obsolete CBC cipher without a stitched implementation (or the system be in FIPS mode)\n    - the attacker has to be a MITM\n    - the attacker has to be able to control the client side to send requests to the buggy server on demand",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Web Server 5"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-1559"
        },
        {
          "category": "external",
          "summary": "RHBZ#1683804",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-1559",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559"
        },
        {
          "category": "external",
          "summary": "https://github.com/RUB-NDS/TLS-Padding-Oracles",
          "url": "https://github.com/RUB-NDS/TLS-Padding-Oracles"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv/20190226.txt",
          "url": "https://www.openssl.org/news/secadv/20190226.txt"
        }
      ],
      "release_date": "2019-02-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Web Server 5"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3931"
        },
        {
          "category": "workaround",
          "details": "As a workaround you can disable SHA384 if applications (compiled with OpenSSL) allow for adjustment of the ciphersuite string configuration.",
          "product_ids": [
            "Red Hat JBoss Web Server 5"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Web Server 5"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssl: 0-byte record padding oracle"
    },
    {
      "cve": "CVE-2019-10072",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2019-06-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1723708"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Web Server 5"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-10072"
        },
        {
          "category": "external",
          "summary": "RHBZ#1723708",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1723708"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-10072",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-10072"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10072",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10072"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.41",
          "url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.41"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.20",
          "url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.20"
        }
      ],
      "release_date": "2019-06-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Web Server 5"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3931"
        },
        {
          "category": "workaround",
          "details": "pki-servlet-container does not use HTTP/2 in its default configuration.",
          "product_ids": [
            "Red Hat JBoss Web Server 5"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss Web Server 5"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199"
    }
  ]
}

rhba-2019_1088

Vulnerability from csaf_redhat

Published

2019-05-08 12:28

Modified

2024-09-13 12:54

Summary

Red Hat Bug Fix Advisory: rhvm-appliance security, bug fix, and enhancement update

Notes

Topic

Updated rhvm-appliance packages that fix several bugs and add various enhancements are now available.

Details

Updated rhvm-appliance packages that fix several bugs and add various enhancements are now available. The RHVM Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal In this release, support has been added for OpenSCAP security profiles that can be enabled during self-hosted engine deployment. (BZ#1392051)

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated rhvm-appliance packages that fix several bugs and add various enhancements are now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Updated rhvm-appliance packages that fix several bugs and add various enhancements are now available.\n\nThe RHVM Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal\n\nIn this release, support has been added for OpenSCAP security profiles that can be enabled during self-hosted engine deployment. (BZ#1392051)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHBA-2019:1088",
        "url": "https://access.redhat.com/errata/RHBA-2019:1088"
      },
      {
        "category": "external",
        "summary": "1578835",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578835"
      },
      {
        "category": "external",
        "summary": "1579000",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579000"
      },
      {
        "category": "external",
        "summary": "1659450",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1659450"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2019/rhba-2019_1088.json"
      }
    ],
    "title": "Red Hat Bug Fix Advisory: rhvm-appliance security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2024-09-13T12:54:11+00:00",
      "generator": {
        "date": "2024-09-13T12:54:11+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHBA-2019:1088",
      "initial_release_date": "2019-05-08T12:28:47+00:00",
      "revision_history": [
        {
          "date": "2019-05-08T12:28:47+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2019-05-08T12:28:47+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-13T12:54:11+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
                "product": {
                  "name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
                  "product_id": "7Server-RHEV-4-Agents-7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
                "product": {
                  "name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
                  "product_id": "7Server-RHEV-4-Hypervisor-7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhvm-appliance-2:4.3-20190409.0.el7.x86_64",
                "product": {
                  "name": "rhvm-appliance-2:4.3-20190409.0.el7.x86_64",
                  "product_id": "rhvm-appliance-2:4.3-20190409.0.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhvm-appliance@4.3-20190409.0.el7?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhvm-appliance-2:4.3-20190409.0.el7.src",
                "product": {
                  "name": "rhvm-appliance-2:4.3-20190409.0.el7.src",
                  "product_id": "rhvm-appliance-2:4.3-20190409.0.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhvm-appliance@4.3-20190409.0.el7?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhvm-appliance-2:4.3-20190409.0.el7.src as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190409.0.el7.src"
        },
        "product_reference": "rhvm-appliance-2:4.3-20190409.0.el7.src",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhvm-appliance-2:4.3-20190409.0.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190409.0.el7.x86_64"
        },
        "product_reference": "rhvm-appliance-2:4.3-20190409.0.el7.x86_64",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhvm-appliance-2:4.3-20190409.0.el7.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
          "product_id": "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190409.0.el7.src"
        },
        "product_reference": "rhvm-appliance-2:4.3-20190409.0.el7.src",
        "relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhvm-appliance-2:4.3-20190409.0.el7.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
          "product_id": "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190409.0.el7.x86_64"
        },
        "product_reference": "rhvm-appliance-2:4.3-20190409.0.el7.x86_64",
        "relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Alejandro Cabrera Aldaya"
          ],
          "organization": "Universidad Tecnologica de la Habana CUJAE; Cuba"
        },
        {
          "names": [
            "Billy Bob Brumley",
            "Cesar Pereida Garcia",
            "Sohaib ul Hassan"
          ]
        },
        {
          "names": [
            "Nicola Tuveri"
          ],
          "organization": "Tampere University of Technology; Finland"
        }
      ],
      "cve": "CVE-2018-5407",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2018-11-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1645695"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190409.0.el7.src",
          "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190409.0.el7.x86_64",
          "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190409.0.el7.src",
          "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190409.0.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-5407"
        },
        {
          "category": "external",
          "summary": "RHBZ#1645695",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407"
        },
        {
          "category": "external",
          "summary": "https://github.com/bbbrumley/portsmash",
          "url": "https://github.com/bbbrumley/portsmash"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv/20181112.txt",
          "url": "https://www.openssl.org/news/secadv/20181112.txt"
        }
      ],
      "release_date": "2018-10-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2974891",
          "product_ids": [
            "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190409.0.el7.src",
            "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190409.0.el7.x86_64",
            "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190409.0.el7.src",
            "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190409.0.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHBA-2019:1088"
        },
        {
          "category": "workaround",
          "details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue.  Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.",
          "product_ids": [
            "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190409.0.el7.src",
            "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190409.0.el7.x86_64",
            "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190409.0.el7.src",
            "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190409.0.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190409.0.el7.src",
            "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190409.0.el7.x86_64",
            "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190409.0.el7.src",
            "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190409.0.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)"
    }
  ]
}

rhsa-2019_3933

Vulnerability from csaf_redhat

Published

2019-11-20 16:14

Modified

2024-09-13 22:02

Summary

Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7

Notes

Topic

An update is now available for JBoss Core Services on RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Security Fix(es): * openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * mod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2: read-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for JBoss Core Services on RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737)\n* openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734)\n* mod_auth_digest: access control bypass due to race condition (CVE-2019-0217)\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)\n* mod_session_cookie does not respect expiry time (CVE-2018-17199)\n* mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)\n* mod_http2: possible crash on late upgrade (CVE-2019-0197)\n* mod_http2: read-after-free on a string compare (CVE-2019-0196)\n* nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)\n* nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)\n* mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)\n* mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2019:3933",
        "url": "https://access.redhat.com/errata/RHSA-2019:3933"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1568253",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568253"
      },
      {
        "category": "external",
        "summary": "1644364",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644364"
      },
      {
        "category": "external",
        "summary": "1645695",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
      },
      {
        "category": "external",
        "summary": "1668493",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668493"
      },
      {
        "category": "external",
        "summary": "1668497",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497"
      },
      {
        "category": "external",
        "summary": "1695020",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695020"
      },
      {
        "category": "external",
        "summary": "1695030",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030"
      },
      {
        "category": "external",
        "summary": "1695042",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042"
      },
      {
        "category": "external",
        "summary": "1735741",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741"
      },
      {
        "category": "external",
        "summary": "1741860",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860"
      },
      {
        "category": "external",
        "summary": "1741864",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864"
      },
      {
        "category": "external",
        "summary": "1741868",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868"
      },
      {
        "category": "external",
        "summary": "JBCS-798",
        "url": "https://issues.redhat.com/browse/JBCS-798"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2019/rhsa-2019_3933.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7",
    "tracking": {
      "current_release_date": "2024-09-13T22:02:11+00:00",
      "generator": {
        "date": "2024-09-13T22:02:11+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2019:3933",
      "initial_release_date": "2019-11-20T16:14:21+00:00",
      "revision_history": [
        {
          "date": "2019-11-20T16:14:21+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-01-06T13:04:40+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-13T22:02:11+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Core Services on RHEL 7 Server",
                "product": {
                  "name": "Red Hat JBoss Core Services on RHEL 7 Server",
                  "product_id": "7Server-JBCS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_core_services:1::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Core Services"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-jansson@2.11-20.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-jansson-devel@2.11-20.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-jansson-debuginfo@2.11-20.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-63.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-63.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-63.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1-25.jbcs.el7?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.1.1-25.jbcs.el7?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.1.1-25.jbcs.el7?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.1.1-25.jbcs.el7?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.1.1-25.jbcs.el7?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.1.1-25.jbcs.el7?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-48.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-48.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-48.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-48.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-48.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-48.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-48.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-48.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-48.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-48.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-brotli@1.0.6-7.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-devel@1.0.6-7.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-debuginfo@1.0.6-7.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-4.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.39.2-4.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.39.2-4.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.64.1-14.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl@7.64.1-14.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-devel@7.64.1-14.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo@7.64.1-14.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-33.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.37-33.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.37-33.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.37-33.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.37-33.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.37-33.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.37-33.jbcs.el7?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.37-33.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.37-33.jbcs.el7?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.37-33.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.46-22.redhat_1.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.46-22.redhat_1.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.46-22.redhat_1.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.12-9.Final_redhat_2.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.12-9.Final_redhat_2.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-16.GA.jbcs.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
                  "product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.2-16.GA.jbcs.el7?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
                "product": {
                  "name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
                  "product_id": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-jansson@2.11-20.jbcs.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
                "product": {
                  "name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
                  "product_id": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-63.jbcs.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
                "product": {
                  "name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
                  "product_id": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1-25.jbcs.el7?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
                "product": {
                  "name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
                  "product_id": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-48.jbcs.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
                "product": {
                  "name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
                  "product_id": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-brotli@1.0.6-7.jbcs.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
                "product": {
                  "name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
                  "product_id": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-4.jbcs.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
                "product": {
                  "name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
                  "product_id": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.64.1-14.jbcs.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
                "product": {
                  "name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
                  "product_id": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-33.jbcs.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
                "product": {
                  "name": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
                  "product_id": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.46-22.redhat_1.jbcs.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
                "product": {
                  "name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
                  "product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.12-9.Final_redhat_2.jbcs.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
                "product": {
                  "name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
                  "product_id": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-16.GA.jbcs.el7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
                "product": {
                  "name": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
                  "product_id": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.37-33.jbcs.el7?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src"
        },
        "product_reference": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src"
        },
        "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src"
        },
        "product_reference": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src"
        },
        "product_reference": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src"
        },
        "product_reference": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch"
        },
        "product_reference": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src"
        },
        "product_reference": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src"
        },
        "product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src"
        },
        "product_reference": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src"
        },
        "product_reference": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src"
        },
        "product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src"
        },
        "product_reference": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
          "product_id": "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
        },
        "product_reference": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64",
        "relates_to_product_reference": "7Server-JBCS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-0734",
      "cwe": {
        "id": "CWE-385",
        "name": "Covert Timing Channel"
      },
      "discovery_date": "2018-10-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1644364"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: timing side channel attack in the DSA signature algorithm",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
          "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-0734"
        },
        {
          "category": "external",
          "summary": "RHBZ#1644364",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644364"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-0734",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734"
        }
      ],
      "release_date": "2018-10-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3933"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "openssl: timing side channel attack in the DSA signature algorithm"
    },
    {
      "cve": "CVE-2018-0737",
      "cwe": {
        "id": "CWE-385",
        "name": "Covert Timing Channel"
      },
      "discovery_date": "2018-04-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1568253"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
          "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-0737"
        },
        {
          "category": "external",
          "summary": "RHBZ#1568253",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568253"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-0737",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0737",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0737"
        },
        {
          "category": "external",
          "summary": "http://www.openwall.com/lists/oss-security/2018/04/16/3",
          "url": "http://www.openwall.com/lists/oss-security/2018/04/16/3"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv/20180416.txt",
          "url": "https://www.openssl.org/news/secadv/20180416.txt"
        }
      ],
      "release_date": "2018-04-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3933"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Alejandro Cabrera Aldaya"
          ],
          "organization": "Universidad Tecnologica de la Habana CUJAE; Cuba"
        },
        {
          "names": [
            "Billy Bob Brumley",
            "Cesar Pereida Garcia",
            "Sohaib ul Hassan"
          ]
        },
        {
          "names": [
            "Nicola Tuveri"
          ],
          "organization": "Tampere University of Technology; Finland"
        }
      ],
      "cve": "CVE-2018-5407",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2018-11-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1645695"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
          "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-5407"
        },
        {
          "category": "external",
          "summary": "RHBZ#1645695",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407"
        },
        {
          "category": "external",
          "summary": "https://github.com/bbbrumley/portsmash",
          "url": "https://github.com/bbbrumley/portsmash"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv/20181112.txt",
          "url": "https://www.openssl.org/news/secadv/20181112.txt"
        }
      ],
      "release_date": "2018-10-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3933"
        },
        {
          "category": "workaround",
          "details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue.  Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)"
    },
    {
      "cve": "CVE-2018-17189",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2019-01-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1668497"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_http2: DoS via slow, unneeded request bodies",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
          "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-17189"
        },
        {
          "category": "external",
          "summary": "RHBZ#1668497",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-17189",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-17189"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189"
        }
      ],
      "release_date": "2019-01-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3933"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "httpd: mod_http2: DoS via slow, unneeded request bodies"
    },
    {
      "cve": "CVE-2018-17199",
      "cwe": {
        "id": "CWE-613",
        "name": "Insufficient Session Expiration"
      },
      "discovery_date": "2019-01-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1668493"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_session_cookie does not respect expiry time",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
          "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-17199"
        },
        {
          "category": "external",
          "summary": "RHBZ#1668493",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668493"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-17199",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-17199"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17199",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17199"
        }
      ],
      "release_date": "2019-01-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3933"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd: mod_session_cookie does not respect expiry time"
    },
    {
      "cve": "CVE-2019-0196",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2019-04-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1695030"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_http2: read-after-free on a string compare",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
          "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-0196"
        },
        {
          "category": "external",
          "summary": "RHBZ#1695030",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0196",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-0196"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0196",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0196"
        },
        {
          "category": "external",
          "summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
          "url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
        },
        {
          "category": "external",
          "summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "release_date": "2019-04-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3933"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "httpd: mod_http2: read-after-free on a string compare"
    },
    {
      "cve": "CVE-2019-0197",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2019-04-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1695042"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set \"H2Upgrade on\" are unaffected by this issue.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_http2: possible crash on late upgrade",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
          "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-0197"
        },
        {
          "category": "external",
          "summary": "RHBZ#1695042",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0197",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-0197"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0197",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0197"
        },
        {
          "category": "external",
          "summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
          "url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
        },
        {
          "category": "external",
          "summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "release_date": "2019-02-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3933"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "httpd: mod_http2: possible crash on late upgrade"
    },
    {
      "cve": "CVE-2019-0217",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2019-04-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1695020"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_auth_digest: access control bypass due to race condition",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Based on the the fact that digest authentication is rarely used in modern day web applications and httpd package shipped with Red Hat products do not ship threaded MPM configuration by default, this flaw has been rated as having Moderate level security impact. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This flaw has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
          "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-0217"
        },
        {
          "category": "external",
          "summary": "RHBZ#1695020",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695020"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0217",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-0217"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0217",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0217"
        },
        {
          "category": "external",
          "summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
          "url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
        },
        {
          "category": "external",
          "summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "release_date": "2019-04-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3933"
        },
        {
          "category": "workaround",
          "details": "This flaw only affects a threaded server configuration, so using the prefork MPM is an effective mitigation.  In versions of httpd package shipped with Red Hat Enterprise Linux 7, the prefork MPM is the default configuration.",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd: mod_auth_digest: access control bypass due to race condition"
    },
    {
      "cve": "CVE-2019-9511",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2019-08-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1741860"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a denial of service. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "HTTP/2: large amount of data requests leads to denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "There are no mitigations available for nghttp2 and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
          "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-9511"
        },
        {
          "category": "external",
          "summary": "RHBZ#1741860",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-9511"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511"
        },
        {
          "category": "external",
          "summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
          "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
        },
        {
          "category": "external",
          "summary": "https://kb.cert.org/vuls/id/605641/",
          "url": "https://kb.cert.org/vuls/id/605641/"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
          "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
        },
        {
          "category": "external",
          "summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/",
          "url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
        }
      ],
      "release_date": "2019-08-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3933"
        },
        {
          "category": "workaround",
          "details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "HTTP/2: large amount of data requests leads to denial of service"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "the Envoy security team"
          ]
        }
      ],
      "cve": "CVE-2019-9513",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2019-08-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1735741"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw has no available mitigation for packages nghttp2 and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
          "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-9513"
        },
        {
          "category": "external",
          "summary": "RHBZ#1735741",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9513",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-9513"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513"
        },
        {
          "category": "external",
          "summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
          "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
        },
        {
          "category": "external",
          "summary": "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/",
          "url": "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
          "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
        },
        {
          "category": "external",
          "summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/",
          "url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
        }
      ],
      "release_date": "2019-08-13T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3933"
        },
        {
          "category": "workaround",
          "details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption"
    },
    {
      "cve": "CVE-2019-9516",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2019-08-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1741864"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in HTTP/2. An attacker, sending a stream of header with a 0-length header name and a 0-length header value, could cause some implementations to allocate memory for these headers and keep the allocations alive until the session dies. The can consume excess memory, potentially leading to a denial of service. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "HTTP/2: 0-length headers lead to denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
          "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-9516"
        },
        {
          "category": "external",
          "summary": "RHBZ#1741864",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9516",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-9516"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516"
        },
        {
          "category": "external",
          "summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
          "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
        },
        {
          "category": "external",
          "summary": "https://github.com/nghttp2/nghttp2/issues/1382#",
          "url": "https://github.com/nghttp2/nghttp2/issues/1382#"
        },
        {
          "category": "external",
          "summary": "https://kb.cert.org/vuls/id/605641/",
          "url": "https://kb.cert.org/vuls/id/605641/"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
          "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
        },
        {
          "category": "external",
          "summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/",
          "url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
        }
      ],
      "release_date": "2019-08-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3933"
        },
        {
          "category": "workaround",
          "details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "HTTP/2: 0-length headers lead to denial of service"
    },
    {
      "cve": "CVE-2019-9517",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2019-08-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1741868"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in HTTP/2. An attacker can open a HTTP/2 window so the peer can send without constraint. The TCP window remains closed so the peer cannot write the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the server\u0027s queue is setup, the responses can consume excess memory, CPU, or both, potentially leading to a denial of service. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "HTTP/2: request for large response leads to denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The package httpd versions as shipped with Red Hat Enterprise Linux 5, 6 and 7 are not affected by this issue as HTTP/2 support is not provided.\nThis flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
          "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
          "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
          "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-9517"
        },
        {
          "category": "external",
          "summary": "RHBZ#1741868",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9517",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-9517"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517"
        },
        {
          "category": "external",
          "summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
          "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
        },
        {
          "category": "external",
          "summary": "https://kb.cert.org/vuls/id/605641/",
          "url": "https://kb.cert.org/vuls/id/605641/"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
          "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
        }
      ],
      "release_date": "2019-08-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3933"
        },
        {
          "category": "workaround",
          "details": "The httpd version shipped with Red Hat Enterprise Linux 8 provides HTTP/2 support through mod_http2 package. While mod_http2 package is not updated, users can disable HTTP/2 support as mitigation action by executing the following steps:\n\n1. Stop httpd service:\n$ systemctl stop httpd\n\n2. Remove http/2 protocol support from configuration files:\n$ sed -i \u0027s/\\(h2\\)\\|\\(h2c\\)//g\u0027 \u003chttpd_config_file\u003e\n\n3. Validate configuration files to make sure all syntax is valid:\n$ apachectl configtest\n\n4. Restart httpd service:\n$ systemctl start httpd",
          "product_ids": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch",
            "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src",
            "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64",
            "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "HTTP/2: request for large response leads to denial of service"
    }
  ]
}

rhsa-2019_3932

Vulnerability from csaf_redhat

Published

2019-11-20 16:22

Modified

2024-09-13 22:02

Summary

Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6

Notes

Topic

Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * mod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2: read-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2019:3932",
        "url": "https://access.redhat.com/errata/RHSA-2019:3932"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1568253",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568253"
      },
      {
        "category": "external",
        "summary": "1644364",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644364"
      },
      {
        "category": "external",
        "summary": "1645695",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
      },
      {
        "category": "external",
        "summary": "1668493",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668493"
      },
      {
        "category": "external",
        "summary": "1668497",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497"
      },
      {
        "category": "external",
        "summary": "1695020",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695020"
      },
      {
        "category": "external",
        "summary": "1695030",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030"
      },
      {
        "category": "external",
        "summary": "1695042",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042"
      },
      {
        "category": "external",
        "summary": "1735741",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741"
      },
      {
        "category": "external",
        "summary": "1741860",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860"
      },
      {
        "category": "external",
        "summary": "1741864",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864"
      },
      {
        "category": "external",
        "summary": "1741868",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868"
      },
      {
        "category": "external",
        "summary": "JBCS-798",
        "url": "https://issues.redhat.com/browse/JBCS-798"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2019/rhsa-2019_3932.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6",
    "tracking": {
      "current_release_date": "2024-09-13T22:02:16+00:00",
      "generator": {
        "date": "2024-09-13T22:02:16+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2019:3932",
      "initial_release_date": "2019-11-20T16:22:09+00:00",
      "revision_history": [
        {
          "date": "2019-11-20T16:22:09+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-01-06T13:05:52+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-13T22:02:16+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Core Services on RHEL 6 Server",
                "product": {
                  "name": "Red Hat JBoss Core Services on RHEL 6 Server",
                  "product_id": "6Server-JBCS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_core_services:1::el6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Core Services"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-jansson@2.11-20.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-jansson-devel@2.11-20.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-jansson-debuginfo@2.11-20.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-63.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-63.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-63.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1-25.jbcs.el6?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.1.1-25.jbcs.el6?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.1.1-25.jbcs.el6?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.1.1-25.jbcs.el6?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.1.1-25.jbcs.el6?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.1.1-25.jbcs.el6?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-48.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-48.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-48.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-48.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-48.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-48.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-48.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-48.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-48.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-48.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-brotli@1.0.6-7.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-devel@1.0.6-7.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-debuginfo@1.0.6-7.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-4.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.39.2-4.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.39.2-4.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.64.1-14.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl@7.64.1-14.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-devel@7.64.1-14.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo@7.64.1-14.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-33.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.37-33.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.37-33.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.37-33.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.37-33.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.37-33.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.37-33.jbcs.el6?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.37-33.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.37-33.jbcs.el6?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.37-33.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.12-9.Final_redhat_2.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.12-9.Final_redhat_2.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.46-22.redhat_1.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.46-22.redhat_1.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.46-22.redhat_1.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-16.GA.jbcs.el6?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
                "product": {
                  "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
                  "product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.2-16.GA.jbcs.el6?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-jansson@2.11-20.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-jansson-devel@2.11-20.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-jansson-debuginfo@2.11-20.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-63.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-63.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-63.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1-25.jbcs.el6?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.1.1-25.jbcs.el6?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.1.1-25.jbcs.el6?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.1.1-25.jbcs.el6?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.1.1-25.jbcs.el6?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.1.1-25.jbcs.el6?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-48.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-48.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-48.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-48.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-48.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-48.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-48.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-48.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-48.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-48.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-brotli@1.0.6-7.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-devel@1.0.6-7.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-debuginfo@1.0.6-7.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-4.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.39.2-4.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.39.2-4.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.64.1-14.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl@7.64.1-14.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-devel@7.64.1-14.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo@7.64.1-14.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-33.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.37-33.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.37-33.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.37-33.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.37-33.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.37-33.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.37-33.jbcs.el6?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.37-33.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.37-33.jbcs.el6?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.37-33.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.12-9.Final_redhat_2.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.12-9.Final_redhat_2.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.46-22.redhat_1.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.46-22.redhat_1.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.46-22.redhat_1.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-16.GA.jbcs.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
                "product": {
                  "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
                  "product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.2-16.GA.jbcs.el6?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
                "product": {
                  "name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
                  "product_id": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-jansson@2.11-20.jbcs.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
                "product": {
                  "name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
                  "product_id": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-63.jbcs.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
                "product": {
                  "name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
                  "product_id": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1-25.jbcs.el6?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
                "product": {
                  "name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
                  "product_id": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-48.jbcs.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
                "product": {
                  "name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
                  "product_id": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-brotli@1.0.6-7.jbcs.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
                "product": {
                  "name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
                  "product_id": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-4.jbcs.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
                "product": {
                  "name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
                  "product_id": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.64.1-14.jbcs.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
                "product": {
                  "name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
                  "product_id": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-33.jbcs.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
                "product": {
                  "name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
                  "product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.12-9.Final_redhat_2.jbcs.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
                "product": {
                  "name": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
                  "product_id": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.46-22.redhat_1.jbcs.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
                "product": {
                  "name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
                  "product_id": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-16.GA.jbcs.el6?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
                "product": {
                  "name": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
                  "product_id": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.37-33.jbcs.el6?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src"
        },
        "product_reference": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src"
        },
        "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src"
        },
        "product_reference": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src"
        },
        "product_reference": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src"
        },
        "product_reference": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch"
        },
        "product_reference": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src"
        },
        "product_reference": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src"
        },
        "product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src"
        },
        "product_reference": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src"
        },
        "product_reference": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src"
        },
        "product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src"
        },
        "product_reference": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686"
        },
        "product_reference": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
        "relates_to_product_reference": "6Server-JBCS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
          "product_id": "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
        },
        "product_reference": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64",
        "relates_to_product_reference": "6Server-JBCS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-0734",
      "cwe": {
        "id": "CWE-385",
        "name": "Covert Timing Channel"
      },
      "discovery_date": "2018-10-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1644364"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: timing side channel attack in the DSA signature algorithm",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
          "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-0734"
        },
        {
          "category": "external",
          "summary": "RHBZ#1644364",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644364"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-0734",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734"
        }
      ],
      "release_date": "2018-10-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
          "product_ids": [
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3932"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "openssl: timing side channel attack in the DSA signature algorithm"
    },
    {
      "cve": "CVE-2018-0737",
      "cwe": {
        "id": "CWE-385",
        "name": "Covert Timing Channel"
      },
      "discovery_date": "2018-04-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1568253"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
          "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-0737"
        },
        {
          "category": "external",
          "summary": "RHBZ#1568253",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568253"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-0737",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0737",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0737"
        },
        {
          "category": "external",
          "summary": "http://www.openwall.com/lists/oss-security/2018/04/16/3",
          "url": "http://www.openwall.com/lists/oss-security/2018/04/16/3"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv/20180416.txt",
          "url": "https://www.openssl.org/news/secadv/20180416.txt"
        }
      ],
      "release_date": "2018-04-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
          "product_ids": [
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3932"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Alejandro Cabrera Aldaya"
          ],
          "organization": "Universidad Tecnologica de la Habana CUJAE; Cuba"
        },
        {
          "names": [
            "Billy Bob Brumley",
            "Cesar Pereida Garcia",
            "Sohaib ul Hassan"
          ]
        },
        {
          "names": [
            "Nicola Tuveri"
          ],
          "organization": "Tampere University of Technology; Finland"
        }
      ],
      "cve": "CVE-2018-5407",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2018-11-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1645695"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
          "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-5407"
        },
        {
          "category": "external",
          "summary": "RHBZ#1645695",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407"
        },
        {
          "category": "external",
          "summary": "https://github.com/bbbrumley/portsmash",
          "url": "https://github.com/bbbrumley/portsmash"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv/20181112.txt",
          "url": "https://www.openssl.org/news/secadv/20181112.txt"
        }
      ],
      "release_date": "2018-10-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
          "product_ids": [
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3932"
        },
        {
          "category": "workaround",
          "details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue.  Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.",
          "product_ids": [
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)"
    },
    {
      "cve": "CVE-2018-17189",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2019-01-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1668497"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_http2: DoS via slow, unneeded request bodies",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
          "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-17189"
        },
        {
          "category": "external",
          "summary": "RHBZ#1668497",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-17189",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-17189"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189"
        }
      ],
      "release_date": "2019-01-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
          "product_ids": [
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3932"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "httpd: mod_http2: DoS via slow, unneeded request bodies"
    },
    {
      "cve": "CVE-2018-17199",
      "cwe": {
        "id": "CWE-613",
        "name": "Insufficient Session Expiration"
      },
      "discovery_date": "2019-01-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1668493"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_session_cookie does not respect expiry time",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
          "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-17199"
        },
        {
          "category": "external",
          "summary": "RHBZ#1668493",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668493"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-17199",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-17199"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17199",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17199"
        }
      ],
      "release_date": "2019-01-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
          "product_ids": [
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3932"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd: mod_session_cookie does not respect expiry time"
    },
    {
      "cve": "CVE-2019-0196",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2019-04-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1695030"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_http2: read-after-free on a string compare",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
          "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-0196"
        },
        {
          "category": "external",
          "summary": "RHBZ#1695030",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0196",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-0196"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0196",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0196"
        },
        {
          "category": "external",
          "summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
          "url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
        },
        {
          "category": "external",
          "summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "release_date": "2019-04-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
          "product_ids": [
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3932"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "httpd: mod_http2: read-after-free on a string compare"
    },
    {
      "cve": "CVE-2019-0197",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2019-04-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1695042"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set \"H2Upgrade on\" are unaffected by this issue.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_http2: possible crash on late upgrade",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
          "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-0197"
        },
        {
          "category": "external",
          "summary": "RHBZ#1695042",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0197",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-0197"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0197",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0197"
        },
        {
          "category": "external",
          "summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
          "url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
        },
        {
          "category": "external",
          "summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "release_date": "2019-02-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
          "product_ids": [
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3932"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "httpd: mod_http2: possible crash on late upgrade"
    },
    {
      "cve": "CVE-2019-0217",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2019-04-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1695020"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_auth_digest: access control bypass due to race condition",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Based on the the fact that digest authentication is rarely used in modern day web applications and httpd package shipped with Red Hat products do not ship threaded MPM configuration by default, this flaw has been rated as having Moderate level security impact. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This flaw has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
          "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-0217"
        },
        {
          "category": "external",
          "summary": "RHBZ#1695020",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695020"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0217",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-0217"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0217",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0217"
        },
        {
          "category": "external",
          "summary": "http://www.apache.org/dist/httpd/CHANGES_2.4",
          "url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
        },
        {
          "category": "external",
          "summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "release_date": "2019-04-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
          "product_ids": [
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3932"
        },
        {
          "category": "workaround",
          "details": "This flaw only affects a threaded server configuration, so using the prefork MPM is an effective mitigation.  In versions of httpd package shipped with Red Hat Enterprise Linux 7, the prefork MPM is the default configuration.",
          "product_ids": [
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd: mod_auth_digest: access control bypass due to race condition"
    },
    {
      "cve": "CVE-2019-9511",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2019-08-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1741860"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a denial of service. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "HTTP/2: large amount of data requests leads to denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "There are no mitigations available for nghttp2 and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
          "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-9511"
        },
        {
          "category": "external",
          "summary": "RHBZ#1741860",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-9511"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511"
        },
        {
          "category": "external",
          "summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
          "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
        },
        {
          "category": "external",
          "summary": "https://kb.cert.org/vuls/id/605641/",
          "url": "https://kb.cert.org/vuls/id/605641/"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
          "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
        },
        {
          "category": "external",
          "summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/",
          "url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
        }
      ],
      "release_date": "2019-08-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
          "product_ids": [
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3932"
        },
        {
          "category": "workaround",
          "details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3",
          "product_ids": [
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "HTTP/2: large amount of data requests leads to denial of service"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "the Envoy security team"
          ]
        }
      ],
      "cve": "CVE-2019-9513",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2019-08-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1735741"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw has no available mitigation for packages nghttp2 and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
          "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-9513"
        },
        {
          "category": "external",
          "summary": "RHBZ#1735741",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9513",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-9513"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513"
        },
        {
          "category": "external",
          "summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
          "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
        },
        {
          "category": "external",
          "summary": "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/",
          "url": "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
          "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
        },
        {
          "category": "external",
          "summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/",
          "url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
        }
      ],
      "release_date": "2019-08-13T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
          "product_ids": [
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3932"
        },
        {
          "category": "workaround",
          "details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3",
          "product_ids": [
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption"
    },
    {
      "cve": "CVE-2019-9516",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2019-08-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1741864"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in HTTP/2. An attacker, sending a stream of header with a 0-length header name and a 0-length header value, could cause some implementations to allocate memory for these headers and keep the allocations alive until the session dies. The can consume excess memory, potentially leading to a denial of service. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "HTTP/2: 0-length headers lead to denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
          "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-9516"
        },
        {
          "category": "external",
          "summary": "RHBZ#1741864",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9516",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-9516"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516"
        },
        {
          "category": "external",
          "summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
          "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
        },
        {
          "category": "external",
          "summary": "https://github.com/nghttp2/nghttp2/issues/1382#",
          "url": "https://github.com/nghttp2/nghttp2/issues/1382#"
        },
        {
          "category": "external",
          "summary": "https://kb.cert.org/vuls/id/605641/",
          "url": "https://kb.cert.org/vuls/id/605641/"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
          "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
        },
        {
          "category": "external",
          "summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/",
          "url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"
        }
      ],
      "release_date": "2019-08-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
          "product_ids": [
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3932"
        },
        {
          "category": "workaround",
          "details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3",
          "product_ids": [
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "HTTP/2: 0-length headers lead to denial of service"
    },
    {
      "cve": "CVE-2019-9517",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2019-08-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1741868"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in HTTP/2. An attacker can open a HTTP/2 window so the peer can send without constraint. The TCP window remains closed so the peer cannot write the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the server\u0027s queue is setup, the responses can consume excess memory, CPU, or both, potentially leading to a denial of service. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "HTTP/2: request for large response leads to denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The package httpd versions as shipped with Red Hat Enterprise Linux 5, 6 and 7 are not affected by this issue as HTTP/2 support is not provided.\nThis flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
          "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
          "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
          "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
          "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-9517"
        },
        {
          "category": "external",
          "summary": "RHBZ#1741868",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9517",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-9517"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517"
        },
        {
          "category": "external",
          "summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
          "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
        },
        {
          "category": "external",
          "summary": "https://kb.cert.org/vuls/id/605641/",
          "url": "https://kb.cert.org/vuls/id/605641/"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/",
          "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"
        }
      ],
      "release_date": "2019-08-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.",
          "product_ids": [
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:3932"
        },
        {
          "category": "workaround",
          "details": "The httpd version shipped with Red Hat Enterprise Linux 8 provides HTTP/2 support through mod_http2 package. While mod_http2 package is not updated, users can disable HTTP/2 support as mitigation action by executing the following steps:\n\n1. Stop httpd service:\n$ systemctl stop httpd\n\n2. Remove http/2 protocol support from configuration files:\n$ sed -i \u0027s/\\(h2\\)\\|\\(h2c\\)//g\u0027 \u003chttpd_config_file\u003e\n\n3. Validate configuration files to make sure all syntax is valid:\n$ apachectl configtest\n\n4. Restart httpd service:\n$ systemctl start httpd",
          "product_ids": [
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src",
            "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686",
            "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "HTTP/2: request for large response leads to denial of service"
    }
  ]
}

wid-sec-w-2022-0517

Vulnerability from csaf_certbund

Published

2019-08-06 22:00

Modified

2023-11-21 23:00

Summary

Red Hat Enterprise Linux: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.

Angriff

Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um dadurch die Integrität, Vertraulichkeit und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um dadurch die Integrit\u00e4t, Vertraulichkeit und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-0517 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2022-0517.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-0517 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0517"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-6980 vom 2023-11-21",
        "url": "https://linux.oracle.com/errata/ELSA-2023-6980.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2332 vom 2019-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:2332"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2336 vom 2019-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:2336"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2308 vom 2019-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:2308"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2285 vom 2019-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:2285"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2290 vom 2019-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:2290"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2280 vom 2019-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:2280"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2283 vom 2019-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:2283"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2272 vom 2019-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:2272"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2276 vom 2019-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:2276"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2258 vom 2019-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:2258"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2229 vom 2019-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:2229"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2237 vom 2019-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:2237"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2196 vom 2019-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:2196"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2197 vom 2019-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:2197"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2189 vom 2019-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:2189"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2177 vom 2019-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:2177"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2178 vom 2019-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:2178"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2162 vom 2019-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:2162"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2157 vom 2019-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:2157"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2137 vom 2019-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:2137"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2125 vom 2019-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:2125"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2126 vom 2019-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:2126"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2112 vom 2019-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:2112"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2101 vom 2019-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:2101"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2075 vom 2019-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:2075"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2049 vom 2019-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:2049"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2052 vom 2019-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:2052"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2047 vom 2019-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:2047"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2048 vom 2019-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:2048"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2035 vom 2019-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:2035"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2037 vom 2019-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:2037"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2017 vom 2019-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:2017"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:0471 vom 2020-02-11",
        "url": "https://access.redhat.com/errata/RHSA-2020:0471"
      },
      {
        "category": "external",
        "summary": "CentOS Security Advisory CESA-2020:0471 vom 2020-02-11",
        "url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2020-0471-Moderate-CentOS-6-spice-gtk-Security-Update-tp4645840.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2437 vom 2019-08-12",
        "url": "https://access.redhat.com/errata/RHSA-2019:2437"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2019-2285 vom 2019-08-14",
        "url": "http://linux.oracle.com/errata/ELSA-2019-2285.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2019-2052 vom 2019-08-14",
        "url": "http://linux.oracle.com/errata/ELSA-2019-2052.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2019-2258 vom 2019-08-14",
        "url": "http://linux.oracle.com/errata/ELSA-2019-2258.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2019-2178 vom 2019-08-14",
        "url": "http://linux.oracle.com/errata/ELSA-2019-2178.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2019-2229 vom 2019-08-14",
        "url": "http://linux.oracle.com/errata/ELSA-2019-2229.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2019-2177 vom 2019-08-16",
        "url": "http://linux.oracle.com/errata/ELSA-2019-2177.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2019-2283 vom 2019-08-19",
        "url": "http://linux.oracle.com/errata/ELSA-2019-2283.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2019-2189 vom 2019-08-21",
        "url": "http://linux.oracle.com/errata/ELSA-2019-2189.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2019-2280 vom 2019-08-21",
        "url": "http://linux.oracle.com/errata/ELSA-2019-2280.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2019-2332 vom 2019-08-21",
        "url": "http://linux.oracle.com/errata/ELSA-2019-2332.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:2267-1 vom 2019-09-02",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192267-1.html"
      },
      {
        "category": "external",
        "summary": "CentOS Security Advisory CESA-2019:2101 vom 2019-09-18",
        "url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2019-2101-Low-CentOS-7-exiv2-Security-Update-tp4645686.html"
      },
      {
        "category": "external",
        "summary": "CentOS Security Advisory CESA-2019:2258 vom 2019-09-18",
        "url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2019-2258-Moderate-CentOS-7-http-parser-Security-Update-tp4645679.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:2730-1 vom 2019-10-22",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192730-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:2750-1 vom 2019-10-23",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192750-1.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:3338 vom 2019-11-05",
        "url": "https://access.redhat.com/errata/RHSA-2019:3338"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:3651 vom 2019-11-05",
        "url": "https://access.redhat.com/errata/RHSA-2019:3651"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:3575 vom 2019-11-05",
        "url": "https://access.redhat.com/errata/RHSA-2019:3575"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:3583 vom 2019-11-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:3583"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:3590 vom 2019-11-05",
        "url": "https://access.redhat.com/errata/RHSA-2019:3590"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:3345 vom 2019-11-06",
        "url": "https://access.redhat.com/errata/RHSA-2019:3345"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:3497 vom 2019-11-05",
        "url": "https://access.redhat.com/errata/RHSA-2019:3497"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:3335 vom 2019-11-05",
        "url": "https://access.redhat.com/errata/RHSA-2019:3335"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:3705 vom 2019-11-05",
        "url": "https://access.redhat.com/errata/RHSA-2019:3705"
      },
      {
        "category": "external",
        "summary": "AVAYA Security Advisory ASA-2019-209 vom 2019-12-22",
        "url": "https://downloads.avaya.com/css/P8/documents/101060434"
      },
      {
        "category": "external",
        "summary": "AVAYA Security Advisory ASA-2019-205 vom 2019-12-22",
        "url": "https://downloads.avaya.com/css/P8/documents/101060432"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:0595 vom 2020-02-25",
        "url": "https://access.redhat.com/errata/RHSA-2020:0595"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:0555-1 vom 2020-03-02",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200555-1.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:0850 vom 2020-03-17",
        "url": "https://access.redhat.com/errata/RHSA-2020:0850"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:0851 vom 2020-03-17",
        "url": "https://access.redhat.com/errata/RHSA-2020:0851"
      },
      {
        "category": "external",
        "summary": "CentOS Security Advisory CESA-2020:0851 vom 2020-03-25",
        "url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2020-0851-Moderate-CentOS-7-python-virtualenv-Security-Update-tp4645882.html"
      },
      {
        "category": "external",
        "summary": "CentOS Security Advisory CESA-2020:0850 vom 2020-03-25",
        "url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2020-0850-Moderate-CentOS-7-python-pip-Security-Update-tp4645865.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:1265 vom 2020-04-01",
        "url": "https://access.redhat.com/errata/RHSA-2020:1265"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:0921-1 vom 2020-04-04",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200921-1.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:1471 vom 2020-04-14",
        "url": "https://access.redhat.com/errata/RHSA-2020:1471"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:1464 vom 2020-04-14",
        "url": "https://access.redhat.com/errata/RHSA-2020:1464"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:1461 vom 2020-04-14",
        "url": "https://access.redhat.com/errata/RHSA-2020:1461"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:1577 vom 2020-04-28",
        "url": "https://access.redhat.com/errata/RHSA-2020:1577"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:1916 vom 2020-04-28",
        "url": "https://access.redhat.com/errata/RHSA-2020:1916"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:1605 vom 2020-04-28",
        "url": "https://access.redhat.com/errata/RHSA-2020:1605"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:2068 vom 2020-05-12",
        "url": "https://access.redhat.com/errata/RHSA-2020:2068"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:2081 vom 2020-05-12",
        "url": "https://access.redhat.com/errata/RHSA-2020:2081"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:1792-1 vom 2020-06-26",
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-June/007049.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:3194 vom 2020-07-28",
        "url": "https://access.redhat.com/errata/RHSA-2020:3194"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:2711-1 vom 2020-09-22",
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007450.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:2942-1 vom 2020-10-16",
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-October/007582.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:4999 vom 2020-11-10",
        "url": "https://access.redhat.com/errata/RHSA-2020:4999"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-2470 vom 2020-12-01",
        "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3842-1 vom 2020-12-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/008077.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:3841-1 vom 2020-12-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/008078.html"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K00409335 vom 2020-12-29",
        "url": "https://support.f5.com/csp/article/K00409335?utm_source=f5support\u0026utm_medium=RSS"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-2645 vom 2021-04-29",
        "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Advisory GLSA-202107-15 vom 2021-07-08",
        "url": "https://www.cybersecurity-help.cz/vdb/SB2021070803"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-2802 vom 2021-10-31",
        "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:1819-1 vom 2022-05-23",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-May/011137.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:1448-1 vom 2022-04-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010858.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5497-1 vom 2022-06-30",
        "url": "https://ubuntu.com/security/notices/USN-5497-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:2614-1 vom 2022-08-01",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-August/011724.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5553-1 vom 2022-08-08",
        "url": "https://ubuntu.com/security/notices/USN-5553-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5631-1 vom 2022-09-22",
        "url": "https://ubuntu.com/security/notices/USN-5631-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5671-1 vom 2022-10-12",
        "url": "https://ubuntu.com/security/notices/USN-5671-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:4252-1 vom 2022-11-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013131.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2023-1939 vom 2023-02-22",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-1939.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2023-1940 vom 2023-02-22",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-1940.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Red Hat Enterprise Linux: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-11-21T23:00:00.000+00:00",
      "generator": {
        "date": "2024-02-15T16:50:36.403+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2022-0517",
      "initial_release_date": "2019-08-06T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2019-08-06T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2019-08-12T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2019-08-13T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2019-08-18T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2019-08-19T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2019-08-21T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2019-09-02T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-09-18T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von CentOS aufgenommen"
        },
        {
          "date": "2019-10-09T22:00:00.000+00:00",
          "number": "9",
          "summary": "Referenz(en) aufgenommen: SUSE-SU-2019:1487-2"
        },
        {
          "date": "2019-10-15T22:00:00.000+00:00",
          "number": "10",
          "summary": "Referenz(en) aufgenommen: FEDORA-2019-7B06F18A10, FEDORA-2019-A25D5DF3B4, FEDORA-2019-23638D42F3"
        },
        {
          "date": "2019-10-21T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-10-23T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-11-05T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2019-12-22T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von AVAYA aufgenommen"
        },
        {
          "date": "2020-01-30T23:00:00.000+00:00",
          "number": "15",
          "summary": "Referenz(en) aufgenommen: FEDORA-2020-CB7B7181A0, FEDORA-2020-1DFAA1963B"
        },
        {
          "date": "2020-02-10T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-02-11T23:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von CentOS aufgenommen"
        },
        {
          "date": "2020-02-24T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-03-02T23:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-03-17T23:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-03-25T23:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von CentOS aufgenommen"
        },
        {
          "date": "2020-03-31T22:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-04-05T22:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-04-14T22:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-04-28T22:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-05-03T22:00:00.000+00:00",
          "number": "26",
          "summary": "Referenz(en) aufgenommen: USN-4349-1"
        },
        {
          "date": "2020-05-12T22:00:00.000+00:00",
          "number": "27",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-06-28T22:00:00.000+00:00",
          "number": "28",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-07-28T22:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-09-22T22:00:00.000+00:00",
          "number": "30",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-10-18T22:00:00.000+00:00",
          "number": "31",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-11-09T23:00:00.000+00:00",
          "number": "32",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-11-30T23:00:00.000+00:00",
          "number": "33",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2020-12-16T23:00:00.000+00:00",
          "number": "34",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-12-28T23:00:00.000+00:00",
          "number": "35",
          "summary": "Neue Updates von F5 aufgenommen"
        },
        {
          "date": "2021-04-29T22:00:00.000+00:00",
          "number": "36",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2021-07-07T22:00:00.000+00:00",
          "number": "37",
          "summary": "Neue Updates von Gentoo aufgenommen"
        },
        {
          "date": "2021-09-08T22:00:00.000+00:00",
          "number": "38",
          "summary": "Referenz(en) aufgenommen: USN-5067-1"
        },
        {
          "date": "2021-10-31T23:00:00.000+00:00",
          "number": "39",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2022-04-28T22:00:00.000+00:00",
          "number": "40",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-05-23T22:00:00.000+00:00",
          "number": "41",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-06-30T22:00:00.000+00:00",
          "number": "42",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2022-08-01T22:00:00.000+00:00",
          "number": "43",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-08-08T22:00:00.000+00:00",
          "number": "44",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2022-09-22T22:00:00.000+00:00",
          "number": "45",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2022-10-11T22:00:00.000+00:00",
          "number": "46",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2022-11-28T23:00:00.000+00:00",
          "number": "47",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-02-22T23:00:00.000+00:00",
          "number": "48",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2023-11-21T23:00:00.000+00:00",
          "number": "49",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        }
      ],
      "status": "final",
      "version": "49"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "F5 BIG-IP",
            "product": {
              "name": "F5 BIG-IP",
              "product_id": "T001663",
              "product_identification_helper": {
                "cpe": "cpe:/a:f5:big-ip:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "F5"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Gentoo Linux",
            "product": {
              "name": "Gentoo Linux",
              "product_id": "T012167",
              "product_identification_helper": {
                "cpe": "cpe:/o:gentoo:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Gentoo"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source CentOS",
            "product": {
              "name": "Open Source CentOS",
              "product_id": "1727",
              "product_identification_helper": {
                "cpe": "cpe:/o:centos:centos:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux 7",
            "product": {
              "name": "Red Hat Enterprise Linux 7",
              "product_id": "T006054",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:7"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-3616",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2016-3616"
    },
    {
      "cve": "CVE-2017-15111",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2017-15111"
    },
    {
      "cve": "CVE-2017-15112",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2017-15112"
    },
    {
      "cve": "CVE-2017-17724",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2017-17724"
    },
    {
      "cve": "CVE-2017-18189",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2017-18189"
    },
    {
      "cve": "CVE-2017-18233",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2017-18233"
    },
    {
      "cve": "CVE-2017-18234",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2017-18234"
    },
    {
      "cve": "CVE-2017-18236",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2017-18236"
    },
    {
      "cve": "CVE-2017-18238",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2017-18238"
    },
    {
      "cve": "CVE-2017-5731",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2017-5731"
    },
    {
      "cve": "CVE-2017-5732",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2017-5732"
    },
    {
      "cve": "CVE-2017-5733",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2017-5733"
    },
    {
      "cve": "CVE-2017-5734",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2017-5734"
    },
    {
      "cve": "CVE-2017-5735",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2017-5735"
    },
    {
      "cve": "CVE-2017-6059",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2017-6059"
    },
    {
      "cve": "CVE-2017-6413",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2017-6413"
    },
    {
      "cve": "CVE-2018-0495",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-0495"
    },
    {
      "cve": "CVE-2018-1000132",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-1000132"
    },
    {
      "cve": "CVE-2018-1000852",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-1000852"
    },
    {
      "cve": "CVE-2018-1000876",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-1000876"
    },
    {
      "cve": "CVE-2018-10689",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-10689"
    },
    {
      "cve": "CVE-2018-10772",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-10772"
    },
    {
      "cve": "CVE-2018-10893",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-10893"
    },
    {
      "cve": "CVE-2018-10958",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-10958"
    },
    {
      "cve": "CVE-2018-10998",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-10998"
    },
    {
      "cve": "CVE-2018-11037",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-11037"
    },
    {
      "cve": "CVE-2018-11212",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-11212"
    },
    {
      "cve": "CVE-2018-11213",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-11213"
    },
    {
      "cve": "CVE-2018-11214",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-11214"
    },
    {
      "cve": "CVE-2018-1122",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-1122"
    },
    {
      "cve": "CVE-2018-11813",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-11813"
    },
    {
      "cve": "CVE-2018-12121",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-12121"
    },
    {
      "cve": "CVE-2018-12181",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-12181"
    },
    {
      "cve": "CVE-2018-12264",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-12264"
    },
    {
      "cve": "CVE-2018-12265",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-12265"
    },
    {
      "cve": "CVE-2018-12404",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-12404"
    },
    {
      "cve": "CVE-2018-12641",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-12641"
    },
    {
      "cve": "CVE-2018-12697",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-12697"
    },
    {
      "cve": "CVE-2018-13259",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-13259"
    },
    {
      "cve": "CVE-2018-13346",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-13346"
    },
    {
      "cve": "CVE-2018-13347",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-13347"
    },
    {
      "cve": "CVE-2018-14046",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-14046"
    },
    {
      "cve": "CVE-2018-14348",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-14348"
    },
    {
      "cve": "CVE-2018-14498",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-14498"
    },
    {
      "cve": "CVE-2018-16062",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-16062"
    },
    {
      "cve": "CVE-2018-16402",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-16402"
    },
    {
      "cve": "CVE-2018-16403",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-16403"
    },
    {
      "cve": "CVE-2018-16548",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-16548"
    },
    {
      "cve": "CVE-2018-16838",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-16838"
    },
    {
      "cve": "CVE-2018-17282",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-17282"
    },
    {
      "cve": "CVE-2018-17336",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-17336"
    },
    {
      "cve": "CVE-2018-17581",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-17581"
    },
    {
      "cve": "CVE-2018-18074",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-18074"
    },
    {
      "cve": "CVE-2018-18310",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-18310"
    },
    {
      "cve": "CVE-2018-18520",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-18520"
    },
    {
      "cve": "CVE-2018-18521",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-18521"
    },
    {
      "cve": "CVE-2018-18584",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-18584"
    },
    {
      "cve": "CVE-2018-18585",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-18585"
    },
    {
      "cve": "CVE-2018-18915",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-18915"
    },
    {
      "cve": "CVE-2018-19044",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-19044"
    },
    {
      "cve": "CVE-2018-19107",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-19107"
    },
    {
      "cve": "CVE-2018-19108",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-19108"
    },
    {
      "cve": "CVE-2018-19198",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-19198"
    },
    {
      "cve": "CVE-2018-19199",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-19199"
    },
    {
      "cve": "CVE-2018-19208",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-19208"
    },
    {
      "cve": "CVE-2018-19535",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-19535"
    },
    {
      "cve": "CVE-2018-19607",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-19607"
    },
    {
      "cve": "CVE-2018-20060",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-20060"
    },
    {
      "cve": "CVE-2018-20096",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-20096"
    },
    {
      "cve": "CVE-2018-20097",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-20097"
    },
    {
      "cve": "CVE-2018-20098",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-20098"
    },
    {
      "cve": "CVE-2018-20099",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-20099"
    },
    {
      "cve": "CVE-2018-20532",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-20532"
    },
    {
      "cve": "CVE-2018-20533",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-20533"
    },
    {
      "cve": "CVE-2018-20534",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-20534"
    },
    {
      "cve": "CVE-2018-3613",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-3613"
    },
    {
      "cve": "CVE-2018-5407",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-5407"
    },
    {
      "cve": "CVE-2018-6541",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-6541"
    },
    {
      "cve": "CVE-2018-7159",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-7159"
    },
    {
      "cve": "CVE-2018-7409",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-7409"
    },
    {
      "cve": "CVE-2018-7485",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-7485"
    },
    {
      "cve": "CVE-2018-7730",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-7730"
    },
    {
      "cve": "CVE-2018-8976",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-8976"
    },
    {
      "cve": "CVE-2018-8977",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-8977"
    },
    {
      "cve": "CVE-2018-9305",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2018-9305"
    },
    {
      "cve": "CVE-2019-0160",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2019-0160"
    },
    {
      "cve": "CVE-2019-0161",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2019-0161"
    },
    {
      "cve": "CVE-2019-10153",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2019-10153"
    },
    {
      "cve": "CVE-2019-10192",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2019-10192"
    },
    {
      "cve": "CVE-2019-10193",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2019-10193"
    },
    {
      "cve": "CVE-2019-11236",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2019-11236"
    },
    {
      "cve": "CVE-2019-3811",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2019-3811"
    },
    {
      "cve": "CVE-2019-7149",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2019-7149"
    },
    {
      "cve": "CVE-2019-7150",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2019-7150"
    },
    {
      "cve": "CVE-2019-7664",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2019-7664"
    },
    {
      "cve": "CVE-2019-7665",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2019-7665"
    },
    {
      "cve": "CVE-2019-8379",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2019-8379"
    },
    {
      "cve": "CVE-2019-8383",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2019-8383"
    },
    {
      "cve": "CVE-2019-9755",
      "notes": [
        {
          "category": "description",
          "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T000126",
          "T001663",
          "398363",
          "T012167",
          "1727",
          "T004914",
          "T006054"
        ]
      },
      "release_date": "2019-08-06T22:00:00Z",
      "title": "CVE-2019-9755"
    }
  ]
}

wid-sec-w-2023-1594

Vulnerability from csaf_certbund

Published

2023-06-28 22:00

Modified

2023-06-28 22:00

Summary

IBM Tivoli Network Manager: Mehrere Schwachstellen

Notes

Produktbeschreibung

IBM Tivoli Network Manager ist eine Netzanalysesoftware für das Management komplexer Netze. Diese Software erfasst und verteilt Layer-2- und Layer-3-Netzdaten.

Angriff

Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in IBM Tivoli Network Manager ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen.

Betroffene Betriebssysteme

- UNIX - Linux - Windows - Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM Tivoli Network Manager ist eine Netzanalysesoftware f\u00fcr das Management komplexer Netze. Diese Software erfasst und verteilt Layer-2- und Layer-3-Netzdaten.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in IBM Tivoli Network Manager ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1594 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1594.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1594 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1594"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/885316"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/884276"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/883428"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/883424"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/882926"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/882898"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/882888"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/880403"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/880401"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/880395"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/879855"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/879841"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/870546"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/870526"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/870508"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/870504"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/870500"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/870498"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/743933"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/739297"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/739271"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/739249"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/739247"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/739245"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/739243"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/738231"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/731931"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/730883"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/730871"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/730845"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/730835"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/730171"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/720307"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/720283"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/720265"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/718745"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/717345"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/717335"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/717327"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/717007"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/716573"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/712213"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/712199"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/570557"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/569765"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/569727"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/569717"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/305321"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/304091"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/304089"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/303663"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-06-28",
        "url": "https://www.ibm.com/support/pages/node/303657"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM Tivoli Network Manager: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-06-28T22:00:00.000+00:00",
      "generator": {
        "date": "2024-02-15T17:33:19.626+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2023-1594",
      "initial_release_date": "2023-06-28T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-06-28T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "IBM Tivoli Network Manager IP Edition \u003c 3.9 Fix Pack 5",
                "product": {
                  "name": "IBM Tivoli Network Manager IP Edition \u003c 3.9 Fix Pack 5",
                  "product_id": "T028343",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9_fix_pack_5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "IBM Tivoli Network Manager IP Edition \u003c 3.9",
                "product": {
                  "name": "IBM Tivoli Network Manager IP Edition \u003c 3.9",
                  "product_id": "T028344",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "IBM Tivoli Network Manager IP Edition \u003c 4.1.1",
                "product": {
                  "name": "IBM Tivoli Network Manager IP Edition \u003c 4.1.1",
                  "product_id": "T028345",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__4.1.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "IBM Tivoli Network Manager IP Edition \u003c 4.2",
                "product": {
                  "name": "IBM Tivoli Network Manager IP Edition \u003c 4.2",
                  "product_id": "T028346",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__4.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "IBM Tivoli Network Manager IP Edition \u003c 3.9.0.4",
                "product": {
                  "name": "IBM Tivoli Network Manager IP Edition \u003c 3.9.0.4",
                  "product_id": "T028347",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9.0.4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "IBM Tivoli Network Manager IP Edition \u003c 3.9.0.5",
                "product": {
                  "name": "IBM Tivoli Network Manager IP Edition \u003c 3.9.0.5",
                  "product_id": "T028348",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9.0.5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "IBM Tivoli Network Manager IP Edition \u003c 3.9 Fix Pack 4",
                "product": {
                  "name": "IBM Tivoli Network Manager IP Edition \u003c 3.9 Fix Pack 4",
                  "product_id": "T028349",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9_fix_pack_4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Tivoli Network Manager"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-4046",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2019-4046"
    },
    {
      "cve": "CVE-2019-4030",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2019-4030"
    },
    {
      "cve": "CVE-2019-2684",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2019-2684"
    },
    {
      "cve": "CVE-2019-2602",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2019-2602"
    },
    {
      "cve": "CVE-2019-2537",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2019-2537"
    },
    {
      "cve": "CVE-2019-2534",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2019-2534"
    },
    {
      "cve": "CVE-2019-2531",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2019-2531"
    },
    {
      "cve": "CVE-2019-2529",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2019-2529"
    },
    {
      "cve": "CVE-2019-2503",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2019-2503"
    },
    {
      "cve": "CVE-2019-2482",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2019-2482"
    },
    {
      "cve": "CVE-2019-2481",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2019-2481"
    },
    {
      "cve": "CVE-2019-2455",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2019-2455"
    },
    {
      "cve": "CVE-2019-1559",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2019-1559"
    },
    {
      "cve": "CVE-2019-0220",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2019-0220"
    },
    {
      "cve": "CVE-2018-8039",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-8039"
    },
    {
      "cve": "CVE-2018-5407",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-5407"
    },
    {
      "cve": "CVE-2018-3282",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-3282"
    },
    {
      "cve": "CVE-2018-3278",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-3278"
    },
    {
      "cve": "CVE-2018-3276",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-3276"
    },
    {
      "cve": "CVE-2018-3251",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-3251"
    },
    {
      "cve": "CVE-2018-3247",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-3247"
    },
    {
      "cve": "CVE-2018-3174",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-3174"
    },
    {
      "cve": "CVE-2018-3156",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-3156"
    },
    {
      "cve": "CVE-2018-3143",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-3143"
    },
    {
      "cve": "CVE-2018-3123",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-3123"
    },
    {
      "cve": "CVE-2018-3084",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-3084"
    },
    {
      "cve": "CVE-2018-3082",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-3082"
    },
    {
      "cve": "CVE-2018-3081",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-3081"
    },
    {
      "cve": "CVE-2018-3080",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-3080"
    },
    {
      "cve": "CVE-2018-3079",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-3079"
    },
    {
      "cve": "CVE-2018-3078",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-3078"
    },
    {
      "cve": "CVE-2018-3077",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-3077"
    },
    {
      "cve": "CVE-2018-3075",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-3075"
    },
    {
      "cve": "CVE-2018-3074",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-3074"
    },
    {
      "cve": "CVE-2018-3073",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-3073"
    },
    {
      "cve": "CVE-2018-3071",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-3071"
    },
    {
      "cve": "CVE-2018-3070",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-3070"
    },
    {
      "cve": "CVE-2018-3067",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-3067"
    },
    {
      "cve": "CVE-2018-3066",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-3066"
    },
    {
      "cve": "CVE-2018-3065",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-3065"
    },
    {
      "cve": "CVE-2018-3064",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-3064"
    },
    {
      "cve": "CVE-2018-3063",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-3063"
    },
    {
      "cve": "CVE-2018-3062",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-3062"
    },
    {
      "cve": "CVE-2018-3061",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-3061"
    },
    {
      "cve": "CVE-2018-3060",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-3060"
    },
    {
      "cve": "CVE-2018-3058",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-3058"
    },
    {
      "cve": "CVE-2018-3056",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-3056"
    },
    {
      "cve": "CVE-2018-3054",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-3054"
    },
    {
      "cve": "CVE-2018-2877",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-2877"
    },
    {
      "cve": "CVE-2018-2846",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-2846"
    },
    {
      "cve": "CVE-2018-2839",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-2839"
    },
    {
      "cve": "CVE-2018-2819",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-2819"
    },
    {
      "cve": "CVE-2018-2818",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-2818"
    },
    {
      "cve": "CVE-2018-2817",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-2817"
    },
    {
      "cve": "CVE-2018-2816",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-2816"
    },
    {
      "cve": "CVE-2018-2813",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-2813"
    },
    {
      "cve": "CVE-2018-2812",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-2812"
    },
    {
      "cve": "CVE-2018-2810",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-2810"
    },
    {
      "cve": "CVE-2018-2805",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-2805"
    },
    {
      "cve": "CVE-2018-2787",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-2787"
    },
    {
      "cve": "CVE-2018-2786",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-2786"
    },
    {
      "cve": "CVE-2018-2784",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-2784"
    },
    {
      "cve": "CVE-2018-2782",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-2782"
    },
    {
      "cve": "CVE-2018-2781",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-2781"
    },
    {
      "cve": "CVE-2018-2780",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-2780"
    },
    {
      "cve": "CVE-2018-2779",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-2779"
    },
    {
      "cve": "CVE-2018-2778",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-2778"
    },
    {
      "cve": "CVE-2018-2777",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-2777"
    },
    {
      "cve": "CVE-2018-2776",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-2776"
    },
    {
      "cve": "CVE-2018-2775",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-2775"
    },
    {
      "cve": "CVE-2018-2773",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-2773"
    },
    {
      "cve": "CVE-2018-2771",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-2771"
    },
    {
      "cve": "CVE-2018-2769",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-2769"
    },
    {
      "cve": "CVE-2018-2766",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-2766"
    },
    {
      "cve": "CVE-2018-2762",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-2762"
    },
    {
      "cve": "CVE-2018-2761",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-2761"
    },
    {
      "cve": "CVE-2018-2759",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-2759"
    },
    {
      "cve": "CVE-2018-2758",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-2758"
    },
    {
      "cve": "CVE-2018-2755",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-2755"
    },
    {
      "cve": "CVE-2018-2598",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-2598"
    },
    {
      "cve": "CVE-2018-1996",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-1996"
    },
    {
      "cve": "CVE-2018-1926",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-1926"
    },
    {
      "cve": "CVE-2018-1904",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-1904"
    },
    {
      "cve": "CVE-2018-1902",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-1902"
    },
    {
      "cve": "CVE-2018-1901",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-1901"
    },
    {
      "cve": "CVE-2018-1798",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-1798"
    },
    {
      "cve": "CVE-2018-1797",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-1797"
    },
    {
      "cve": "CVE-2018-1794",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-1794"
    },
    {
      "cve": "CVE-2018-1793",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-1793"
    },
    {
      "cve": "CVE-2018-1777",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-1777"
    },
    {
      "cve": "CVE-2018-1770",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-1770"
    },
    {
      "cve": "CVE-2018-1767",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-1767"
    },
    {
      "cve": "CVE-2018-1719",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-1719"
    },
    {
      "cve": "CVE-2018-1695",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-1695"
    },
    {
      "cve": "CVE-2018-1656",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-1656"
    },
    {
      "cve": "CVE-2018-1643",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-1643"
    },
    {
      "cve": "CVE-2018-1621",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-1621"
    },
    {
      "cve": "CVE-2018-1614",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-1614"
    },
    {
      "cve": "CVE-2018-1567",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-1567"
    },
    {
      "cve": "CVE-2018-1447",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-1447"
    },
    {
      "cve": "CVE-2018-1428",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-1428"
    },
    {
      "cve": "CVE-2018-1427",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-1427"
    },
    {
      "cve": "CVE-2018-1426",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-1426"
    },
    {
      "cve": "CVE-2018-1301",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-1301"
    },
    {
      "cve": "CVE-2018-12539",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-12539"
    },
    {
      "cve": "CVE-2018-10237",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-10237"
    },
    {
      "cve": "CVE-2018-0734",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-0734"
    },
    {
      "cve": "CVE-2018-0732",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2018-0732"
    },
    {
      "cve": "CVE-2017-9798",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2017-9798"
    },
    {
      "cve": "CVE-2017-3738",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2017-3738"
    },
    {
      "cve": "CVE-2017-3737",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2017-3737"
    },
    {
      "cve": "CVE-2017-3736",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2017-3736"
    },
    {
      "cve": "CVE-2017-3735",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2017-3735"
    },
    {
      "cve": "CVE-2017-3732",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2017-3732"
    },
    {
      "cve": "CVE-2017-1743",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2017-1743"
    },
    {
      "cve": "CVE-2017-1741",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2017-1741"
    },
    {
      "cve": "CVE-2017-1731",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2017-1731"
    },
    {
      "cve": "CVE-2017-1681",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2017-1681"
    },
    {
      "cve": "CVE-2017-15715",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2017-15715"
    },
    {
      "cve": "CVE-2017-15710",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2017-15710"
    },
    {
      "cve": "CVE-2017-12624",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2017-12624"
    },
    {
      "cve": "CVE-2017-12618",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2017-12618"
    },
    {
      "cve": "CVE-2017-12613",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2017-12613"
    },
    {
      "cve": "CVE-2016-0705",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2016-0705"
    },
    {
      "cve": "CVE-2016-0702",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2016-0702"
    },
    {
      "cve": "CVE-2016-0701",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2016-0701"
    },
    {
      "cve": "CVE-2015-0899",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2015-0899"
    },
    {
      "cve": "CVE-2014-7810",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2014-7810"
    },
    {
      "cve": "CVE-2012-5783",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
        }
      ],
      "release_date": "2023-06-28T22:00:00Z",
      "title": "CVE-2012-5783"
    }
  ]
}

gsd-2018-5407

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

Aliases

CVE-2018-5407

Aliases

CVE-2018-5407

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-5407",
    "description": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027.",
    "id": "GSD-2018-5407",
    "references": [
      "https://www.suse.com/security/cve/CVE-2018-5407.html",
      "https://www.debian.org/security/2018/dsa-4355",
      "https://www.debian.org/security/2018/dsa-4348",
      "https://access.redhat.com/errata/RHSA-2019:3935",
      "https://access.redhat.com/errata/RHSA-2019:3933",
      "https://access.redhat.com/errata/RHSA-2019:3932",
      "https://access.redhat.com/errata/RHSA-2019:3931",
      "https://access.redhat.com/errata/RHSA-2019:3929",
      "https://access.redhat.com/errata/RHSA-2019:2125",
      "https://access.redhat.com/errata/RHBA-2019:1088",
      "https://access.redhat.com/errata/RHBA-2019:1053",
      "https://access.redhat.com/errata/RHSA-2019:0483",
      "https://ubuntu.com/security/CVE-2018-5407",
      "https://advisories.mageia.org/CVE-2018-5407.html",
      "https://security.archlinux.org/CVE-2018-5407",
      "https://alas.aws.amazon.com/cve/html/CVE-2018-5407.html",
      "https://linux.oracle.com/cve/CVE-2018-5407.html",
      "https://packetstormsecurity.com/files/cve/CVE-2018-5407"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-5407"
      ],
      "details": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027.",
      "id": "GSD-2018-5407",
      "modified": "2023-12-13T01:22:40.039977Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2018-5407",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Processors supporting Simultaneous Multi-Threading",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "N/A"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "N/A"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-200"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "RHSA-2019:0483",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2019:0483"
          },
          {
            "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
            "refsource": "CONFIRM",
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20181126-0001/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20181126-0001/"
          },
          {
            "name": "USN-3840-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/3840-1/"
          },
          {
            "name": "DSA-4355",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2018/dsa-4355"
          },
          {
            "name": "https://www.tenable.com/security/tns-2018-17",
            "refsource": "CONFIRM",
            "url": "https://www.tenable.com/security/tns-2018-17"
          },
          {
            "name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/",
            "refsource": "CONFIRM",
            "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
          },
          {
            "name": "GLSA-201903-10",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201903-10"
          },
          {
            "name": "https://www.tenable.com/security/tns-2018-16",
            "refsource": "CONFIRM",
            "url": "https://www.tenable.com/security/tns-2018-16"
          },
          {
            "name": "45785",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/45785/"
          },
          {
            "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
          },
          {
            "name": "https://github.com/bbbrumley/portsmash",
            "refsource": "MISC",
            "url": "https://github.com/bbbrumley/portsmash"
          },
          {
            "name": "DSA-4348",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2018/dsa-4348"
          },
          {
            "name": "105897",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/105897"
          },
          {
            "name": "https://eprint.iacr.org/2018/1060.pdf",
            "refsource": "MISC",
            "url": "https://eprint.iacr.org/2018/1060.pdf"
          },
          {
            "name": "RHSA-2019:0651",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2019:0651"
          },
          {
            "name": "RHSA-2019:0652",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2019:0652"
          },
          {
            "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "name": "RHSA-2019:2125",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2019:2125"
          },
          {
            "name": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp;utm_medium=RSS",
            "refsource": "CONFIRM",
            "url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp;utm_medium=RSS"
          },
          {
            "name": "RHSA-2019:3929",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2019:3929"
          },
          {
            "name": "RHSA-2019:3933",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2019:3933"
          },
          {
            "name": "RHSA-2019:3931",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2019:3931"
          },
          {
            "name": "RHSA-2019:3935",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2019:3935"
          },
          {
            "name": "RHSA-2019:3932",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2019:3932"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.14.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.11.4",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.9.0",
                "versionStartIncluding": "10.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.1.0i",
                "versionStartIncluding": "1.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.2q",
                "versionStartIncluding": "1.0.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.1.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.12.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.1.2",
                "versionStartIncluding": "3.12.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "17.12",
                "versionStartIncluding": "17.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_server:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2018-5407"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-203"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/bbbrumley/portsmash",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/bbbrumley/portsmash"
            },
            {
              "name": "https://eprint.iacr.org/2018/1060.pdf",
              "refsource": "MISC",
              "tags": [
                "Technical Description",
                "Third Party Advisory"
              ],
              "url": "https://eprint.iacr.org/2018/1060.pdf"
            },
            {
              "name": "45785",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/45785/"
            },
            {
              "name": "105897",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/105897"
            },
            {
              "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20181126-0001/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20181126-0001/"
            },
            {
              "name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
            },
            {
              "name": "DSA-4348",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4348"
            },
            {
              "name": "USN-3840-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/3840-1/"
            },
            {
              "name": "DSA-4355",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4355"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-17",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.tenable.com/security/tns-2018-17"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-16",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.tenable.com/security/tns-2018-16"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "GLSA-201903-10",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201903-10"
            },
            {
              "name": "RHSA-2019:0483",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:0483"
            },
            {
              "name": "RHSA-2019:0652",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:0652"
            },
            {
              "name": "RHSA-2019:0651",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:0651"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "RHSA-2019:2125",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2125"
            },
            {
              "name": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp;utm_medium=RSS",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp;utm_medium=RSS"
            },
            {
              "name": "RHSA-2019:3929",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3929"
            },
            {
              "name": "RHSA-2019:3935",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3935"
            },
            {
              "name": "RHSA-2019:3933",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3933"
            },
            {
              "name": "RHSA-2019:3931",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3931"
            },
            {
              "name": "RHSA-2019:3932",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3932"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "N/A",
              "refsource": "N/A",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.0,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-09-18T16:58Z",
      "publishedDate": "2018-11-15T21:29Z"
    }
  }
}

ghsa-3rjg-j575-7f6p

Vulnerability from github

Published

2022-05-13 01:16

Modified

2022-05-13 01:16

Severity

4.7 (Medium) - CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-5407"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-11-15T21:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027.",
  "id": "GHSA-3rjg-j575-7f6p",
  "modified": "2022-05-13T01:16:10Z",
  "published": "2022-05-13T01:16:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/tns-2018-17"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/tns-2018-16"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/45785"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4355"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4348"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3840-1"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp;utm_medium=RSS"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20181126-0001"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201903-10"
    },
    {
      "type": "WEB",
      "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bbbrumley/portsmash"
    },
    {
      "type": "WEB",
      "url": "https://eprint.iacr.org/2018/1060.pdf"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:3935"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:3933"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:3932"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:3931"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:3929"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2125"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:0652"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:0651"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:0483"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105897"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

var-201811-0912

Vulnerability from variot

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. An information disclosure vulnerability exists in OpenSSL. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components.

Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz: Upgraded. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734 ( Security fix ) patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz: Upgraded. +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1u-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1u-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1u-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1u-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz

Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz

Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2q-x86_64-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.1.1a-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.1.1a-i586-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.1.1a-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.1.1a-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 14.0 packages: e6d4b3a76383f9f253da4128ba23f269 openssl-1.0.1u-i486-1_slack14.0.txz c61d31a1751ae39af89d3fee0b54f0d8 openssl-solibs-1.0.1u-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: 96be19e6a96c9beb5d3bbc55348fb483 openssl-1.0.1u-x86_64-1_slack14.0.txz b7a8fa2ebd16c8ae106fc1267bc29eca openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 099b960e62eaea5d1a639a61a2fabca7 openssl-1.0.1u-i486-1_slack14.1.txz b5d5219e05db97f63c4d6c389d6884fb openssl-solibs-1.0.1u-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: fc96c87d76c9d1efd1290ac847fa7c7c openssl-1.0.1u-x86_64-1_slack14.1.txz e873b66f84f45ea34d028a3d524ce573 openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz

Slackware 14.2 packages: d5f0cc19451e9c7e3967820cf02a20c6 openssl-1.0.2q-i586-1_slack14.2.txz 594ca80447baecd608a51083b12a26d9 openssl-solibs-1.0.2q-i586-1_slack14.2.txz

Slackware x86_64 14.2 packages: 943bb2f3259ccf97a1b8b25f5f511c30 openssl-1.0.2q-x86_64-1_slack14.2.txz 0d45afe2487c47b283c06902c56e4559 openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz

Slackware -current packages: 6f01f6dd0f40a12e473320386cfc8536 a/openssl-solibs-1.1.1a-i586-1.txz 6e5a2ab2475a0d851376d12911b3c6b7 n/openssl-1.1.1a-i586-1.txz

Slackware x86_64 -current packages: eb4697703f1f4b81ad38e9247ab70dac a/openssl-solibs-1.1.1a-x86_64-1.txz 12a10fd6bd2344b3e73106c8d5b9828c n/openssl-1.1.1a-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.2q-i586-1_slack14.2.txz openssl-solibs-1.0.2q-i586-1_slack14.2.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Solution:

For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html

Description:

This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.

This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements.

Security Fix(es):

openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * mod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2: read-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):

1568253 - CVE-2018-0737 openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys 1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm 1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) 1668493 - CVE-2018-17199 httpd: mod_session_cookie does not respect expiry time 1668497 - CVE-2018-17189 httpd: mod_http2: DoS via slow, unneeded request bodies 1695020 - CVE-2019-0217 httpd: mod_auth_digest: access control bypass due to race condition 1695030 - CVE-2019-0196 httpd: mod_http2: read-after-free on a string compare 1695042 - CVE-2019-0197 httpd: mod_http2: possible crash on late upgrade 1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service 1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openssl security and bug fix update Advisory ID: RHSA-2019:0483-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:0483 Issue date: 2019-03-12 CVE Names: CVE-2018-5407 ==================================================================== 1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

Perform the RSA signature self-tests with SHA-256 (BZ#1673914)
Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

Bugs fixed (https://bugzilla.redhat.com/):

1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)

Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.2k-16.el7_6.1.src.rpm

x86_64: openssl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-libs-1.0.2k-16.el7_6.1.i686.rpm openssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-devel-1.0.2k-16.el7_6.1.i686.rpm openssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm openssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-static-1.0.2k-16.el7_6.1.i686.rpm openssl-static-1.0.2k-16.el7_6.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.2k-16.el7_6.1.src.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.2k-16.el7_6.1.src.rpm

ppc64: openssl-1.0.2k-16.el7_6.1.ppc64.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.ppc.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64.rpm openssl-devel-1.0.2k-16.el7_6.1.ppc.rpm openssl-devel-1.0.2k-16.el7_6.1.ppc64.rpm openssl-libs-1.0.2k-16.el7_6.1.ppc.rpm openssl-libs-1.0.2k-16.el7_6.1.ppc64.rpm

ppc64le: openssl-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-devel-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-libs-1.0.2k-16.el7_6.1.ppc64le.rpm

s390x: openssl-1.0.2k-16.el7_6.1.s390x.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm openssl-devel-1.0.2k-16.el7_6.1.s390.rpm openssl-devel-1.0.2k-16.el7_6.1.s390x.rpm openssl-libs-1.0.2k-16.el7_6.1.s390.rpm openssl-libs-1.0.2k-16.el7_6.1.s390x.rpm

x86_64: openssl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-devel-1.0.2k-16.el7_6.1.i686.rpm openssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm openssl-libs-1.0.2k-16.el7_6.1.i686.rpm openssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source: openssl-1.0.2k-16.el7_6.1.src.rpm

aarch64: openssl-1.0.2k-16.el7_6.1.aarch64.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.aarch64.rpm openssl-devel-1.0.2k-16.el7_6.1.aarch64.rpm openssl-libs-1.0.2k-16.el7_6.1.aarch64.rpm

ppc64le: openssl-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-devel-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-libs-1.0.2k-16.el7_6.1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: openssl-debuginfo-1.0.2k-16.el7_6.1.ppc.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64.rpm openssl-perl-1.0.2k-16.el7_6.1.ppc64.rpm openssl-static-1.0.2k-16.el7_6.1.ppc.rpm openssl-static-1.0.2k-16.el7_6.1.ppc64.rpm

ppc64le: openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-perl-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-static-1.0.2k-16.el7_6.1.ppc64le.rpm

s390x: openssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm openssl-perl-1.0.2k-16.el7_6.1.s390x.rpm openssl-static-1.0.2k-16.el7_6.1.s390.rpm openssl-static-1.0.2k-16.el7_6.1.s390x.rpm

x86_64: openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-static-1.0.2k-16.el7_6.1.i686.rpm openssl-static-1.0.2k-16.el7_6.1.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

aarch64: openssl-debuginfo-1.0.2k-16.el7_6.1.aarch64.rpm openssl-perl-1.0.2k-16.el7_6.1.aarch64.rpm openssl-static-1.0.2k-16.el7_6.1.aarch64.rpm

ppc64le: openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-perl-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-static-1.0.2k-16.el7_6.1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.2k-16.el7_6.1.src.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2018-5407 https://access.redhat.com/security/updates/classification/#moderate

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBXIj7zdzjgjWX9erEAQiieQ//TzEytTXxxzNqnsMz3yxbDgb1jni0dPYx 6If80sSKu32kPgoTUgTcoJ27jUIpupYHJj3ml1zhF0zTqMAd2fYXkl2/0HSzbX6z w7FKXiRuzoA8JNG+bbqNjLhwsJBP4Avqfi/S9Z/s/0v93ep54Aqo9pmxfZYJuUMQ GncD2JcidZXLm1sky4PFl59D94szXdRkkzS3xxYcp37dyAUxwqOyzDPwbDA4q3CO 4+TBL1hevmm5FSJjp/Bux70iEXubT+aGRM7Ab1Qex1h6rZjOfEgZabLOAJL9feGT mXPnML6DW96C4W9urZJZZcYJcZ34MfeH7TjaFKjfKeDIlb0fzdGuDqsrUXi95GjF atGtjkXsu5n2Nh3QQNvTRs5N+0w1PSp5VMlrQbeizE0FQVH60z6EUUGlcKEQglof Gs+pRtn7e9R/ncCNOrGAW0QbkmCGge3cg/kYlrJTt5dvQH1oSuG49ZqowG5It4vT kzIIDIhxrQrHE23eV7O1g48nV8/rPIZI6W2UuYs4sgQuWAtHx1gncWGXwiWRNtn1 38Iqnd+UBpxwBgb+fYYwZ54SOpLXGeUa1pR+ZV2+ToEmGM1yHQ+DMVKhRlAojKYa qwSvm7HPdu7ceUkW3HTOwU8llXOGmXJ0UIr+reqIJBemRg/24NeHZ20a9qMeybEX t5ytPgxAFC4=jvvo -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

For the stable distribution (stretch), these problems have been fixed in version 1.1.0j-1~deb9u1.

For the detailed security status of openssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlwBuAcACgkQEMKTtsN8 TjZbBw/+MOB5+pZbCHHXyH3IeD+yj+tSPvmNc3SCwdEtUxGXr0ZX7TKHfaLs/8s6 Udto0K8a1FvjrcUQCfhnFpNcSAv9pxX13Fr6Pd560miIfAu9/5jAqiCufCoiz+xj 45LNJGlaxxaFjgBGCitZSJA0Fc4SM6v5XFyJfR3kChdQ/3kGQbbMNAp16Fy3ZsxJ VXwviomUxmmmdvjxyhifTIpuwr9OiJSQ+13etQjTDQ3pzSbLBPSOxmpV0vPIC7I2 Dwa4zuQXA/DF4G6l8T4rXCwCN4e4pwbTc8bbCjXeZK+iVAhnRD6wXlS3cc5IVAzx /qTa89LZU8B6ylcB6nodeAHLuZTC3Le8ndoxYz5S2/jHZMM/jCQNHYJemHWNbOqn q+e5W0D1fIVLiLoL/iHW5XhN6yJY2Ma7zjXMRBnkzJA9CTNIKgUjrSFz0Ud+wIM/ u8QhNPwZ0hPd5IfSgIyWqmuQ5XzFYqAQvwT1gUJiK7tIvuT0VsSyKVaSZVbi4yrM 9sxkZaP1UNLcTVCFw6A0KFwhb9z6kQtyH1MRkFPphmnb8jlHA3cTdPJkFUBi3VaT 7izThm5/mVLbAjZ8X7nkqnzWzmc885j0ml3slDd/MOVWB5CD3vFAcI8k3VZr3A61 P2gNSN6UbAbLMGsxgs3hYUHgazi7MdXJ/aNavjGSbYBNL780Iaw=3Qji -----END PGP SIGNATURE----- . Description:

Before applying this update, make sure all previously released errata relevant to your system have been applied. 7) - noarch

Description:

OVMF (Open Virtual Machine Firmware) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.

Security Fix(es):

edk2: Privilege escalation via processing of malformed files in TianoCompress.c (CVE-2017-5731)
edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c (CVE-2017-5732)
edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function (CVE-2017-5733)
edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function (CVE-2017-5734)
edk2: Privilege escalation via heap-based buffer overflow in Decode() function (CVE-2017-5735)
edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users (CVE-2018-3613)
openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)
edk2: Stack buffer overflow with corrupted BMP (CVE-2018-12181)
edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media (CVE-2019-0160)
edk2: stack overflow in XHCI causing denial of service (CVE-2019-0161)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. Bugs fixed (https://bugzilla.redhat.com/):

1641433 - CVE-2018-3613 edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users 1641442 - CVE-2017-5731 edk2: Privilege escalation via processing of malformed files in TianoCompress.c 1641446 - CVE-2017-5732 edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c 1641450 - CVE-2017-5733 edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function 1641458 - CVE-2017-5734 edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function 1641465 - CVE-2017-5735 edk2: Privilege escalation via heap-based buffer overflow in Decode() function 1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) 1686783 - CVE-2018-12181 edk2: Stack buffer overflow with corrupted BMP 1691640 - CVE-2019-0160 edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media 1694065 - CVE-2019-0161 edk2: stack overflow in XHCI causing denial of service

6. OpenSSL Security Advisory [12 November 2018]

Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407)

Severity: Low

OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been shown to be vulnerable to a microarchitecture timing side channel attack. An attacker with sufficient access to mount local timing attacks during ECDSA signature generation could recover the private key.

This issue does not impact OpenSSL 1.1.1 and is already fixed in the latest version of OpenSSL 1.1.0 (1.1.0i). OpenSSL 1.0.2 is affected but due to the low severity of this issue we are not creating a new release at this time. The 1.0.2 mitigation for this issue can be found in commit b18162a7c.

OpenSSL 1.1.0 users should upgrade to 1.1.0i.

This issue was reported to OpenSSL on 26th October 2018 by Alejandro Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and Nicola Tuveri.

Note

OpenSSL 1.1.0 is currently only receiving security updates. Support for this version will end on 11th September 2019. Users of this version should upgrade to OpenSSL 1.1.1.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20181112.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0912",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.0.1"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.3.3"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.0.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.8"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2q"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.7"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.12.3"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "10.0.0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.1"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "6.14.4"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.1.0.5.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "tuxedo",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.1.1.0.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.1"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.2"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.12"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.10"
      },
      {
        "model": "nessus",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "8.1.1"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "8.0.0"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.57"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.55"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.2.0.0.0"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.1.2"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "10.9.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "model": "application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "0.9.8"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.04"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.12.4"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "8.11.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "6.0.0"
      },
      {
        "model": "api gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.1.2.4.0"
      },
      {
        "model": "enterprise manager base platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.3.0.0.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.0i"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.56"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-5407"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.9.0",
                "versionStartIncluding": "10.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.11.4",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.14.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.2q",
                "versionStartIncluding": "1.0.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.1.0i",
                "versionStartIncluding": "1.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.1.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "17.12",
                "versionStartIncluding": "17.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_server:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.12.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.1.2",
                "versionStartIncluding": "3.12.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-5407"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "152240"
      },
      {
        "db": "PACKETSTORM",
        "id": "155414"
      },
      {
        "db": "PACKETSTORM",
        "id": "155417"
      },
      {
        "db": "PACKETSTORM",
        "id": "152071"
      },
      {
        "db": "PACKETSTORM",
        "id": "155415"
      },
      {
        "db": "PACKETSTORM",
        "id": "153887"
      },
      {
        "db": "PACKETSTORM",
        "id": "152241"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2018-5407",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "VHN-135438",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "CVE-2018-5407",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "LOW",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.0,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-5407",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-135438",
            "trust": 0.1,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-5407",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-135438"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-5407"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5407"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. An information disclosure vulnerability exists in OpenSSL. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.2q-i586-1_slack14.2.txz:  Upgraded. \n  For more information, see:\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734\n  (* Security fix *)\npatches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz:  Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1u-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1u-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1u-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1u-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz\n\nUpdated packages for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2q-x86_64-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.1.1a-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.1.1a-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.1.1a-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.1.1a-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 packages:\ne6d4b3a76383f9f253da4128ba23f269  openssl-1.0.1u-i486-1_slack14.0.txz\nc61d31a1751ae39af89d3fee0b54f0d8  openssl-solibs-1.0.1u-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n96be19e6a96c9beb5d3bbc55348fb483  openssl-1.0.1u-x86_64-1_slack14.0.txz\nb7a8fa2ebd16c8ae106fc1267bc29eca  openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n099b960e62eaea5d1a639a61a2fabca7  openssl-1.0.1u-i486-1_slack14.1.txz\nb5d5219e05db97f63c4d6c389d6884fb  openssl-solibs-1.0.1u-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nfc96c87d76c9d1efd1290ac847fa7c7c  openssl-1.0.1u-x86_64-1_slack14.1.txz\ne873b66f84f45ea34d028a3d524ce573  openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz\n\nSlackware 14.2 packages:\nd5f0cc19451e9c7e3967820cf02a20c6  openssl-1.0.2q-i586-1_slack14.2.txz\n594ca80447baecd608a51083b12a26d9  openssl-solibs-1.0.2q-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 packages:\n943bb2f3259ccf97a1b8b25f5f511c30  openssl-1.0.2q-x86_64-1_slack14.2.txz\n0d45afe2487c47b283c06902c56e4559  openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz\n\nSlackware -current packages:\n6f01f6dd0f40a12e473320386cfc8536  a/openssl-solibs-1.1.1a-i586-1.txz\n6e5a2ab2475a0d851376d12911b3c6b7  n/openssl-1.1.1a-i586-1.txz\n\nSlackware x86_64 -current packages:\neb4697703f1f4b81ad38e9247ab70dac  a/openssl-solibs-1.1.1a-x86_64-1.txz\n12a10fd6bd2344b3e73106c8d5b9828c  n/openssl-1.1.1a-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.2q-i586-1_slack14.2.txz openssl-solibs-1.0.2q-i586-1_slack14.2.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. Solution:\n\nFor information on upgrading Ansible Tower, reference the Ansible Tower\nUpgrade and Migration Guide:\nhttps://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/\nindex.html\n\n4. Description:\n\nThis release adds the new Apache HTTP Server 2.4.37 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.29 and includes bug fixes and enhancements. \n\nSecurity Fix(es):\n\n* openssl: RSA key generation cache timing vulnerability in\ncrypto/rsa/rsa_gen.c allows attackers to recover private keys\n(CVE-2018-0737) * openssl: timing side channel attack in the DSA signature\nalgorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to\nrace condition (CVE-2019-0217) * openssl: Side-channel vulnerability on\nSMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) *\nmod_session_cookie does not respect expiry time (CVE-2018-17199) *\nmod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) *\nmod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2:\nread-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2:\nlarge amount of data request leads to denial of service (CVE-2019-9511) *\nnghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive\nresource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers\nleads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for\nlarge response leads to denial of service (CVE-2019-9517)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. After installing the updated\npackages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):\n\n1568253 - CVE-2018-0737 openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys\n1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm\n1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)\n1668493 - CVE-2018-17199 httpd: mod_session_cookie does not respect expiry time\n1668497 - CVE-2018-17189 httpd: mod_http2: DoS via slow, unneeded request bodies\n1695020 - CVE-2019-0217 httpd: mod_auth_digest: access control bypass due to race condition\n1695030 - CVE-2019-0196 httpd: mod_http2: read-after-free on a string compare\n1695042 - CVE-2019-0197 httpd: mod_http2: possible crash on late upgrade\n1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption\n1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service\n1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service\n1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: openssl security and bug fix update\nAdvisory ID:       RHSA-2019:0483-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:0483\nIssue date:        2019-03-12\nCVE Names:         CVE-2018-5407\n====================================================================\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures\n(PortSmash) (CVE-2018-5407)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Perform the RSA signature self-tests with SHA-256 (BZ#1673914)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.2k-16.el7_6.1.src.rpm\n\nx86_64:\nopenssl-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-static-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-static-1.0.2k-16.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.2k-16.el7_6.1.src.rpm\n\nx86_64:\nopenssl-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-static-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-static-1.0.2k-16.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.2k-16.el7_6.1.src.rpm\n\nppc64:\nopenssl-1.0.2k-16.el7_6.1.ppc64.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.ppc.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.ppc64.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.ppc.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.ppc64.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.ppc.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.ppc64.rpm\n\nppc64le:\nopenssl-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.ppc64le.rpm\n\ns390x:\nopenssl-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):\n\nSource:\nopenssl-1.0.2k-16.el7_6.1.src.rpm\n\naarch64:\nopenssl-1.0.2k-16.el7_6.1.aarch64.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.aarch64.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.aarch64.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.aarch64.rpm\n\nppc64le:\nopenssl-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.ppc64le.rpm\n\ns390x:\nopenssl-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.s390x.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.ppc.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.ppc64.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.ppc64.rpm\nopenssl-static-1.0.2k-16.el7_6.1.ppc.rpm\nopenssl-static-1.0.2k-16.el7_6.1.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-static-1.0.2k-16.el7_6.1.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-static-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-static-1.0.2k-16.el7_6.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-static-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-static-1.0.2k-16.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):\n\naarch64:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.aarch64.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.aarch64.rpm\nopenssl-static-1.0.2k-16.el7_6.1.aarch64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-static-1.0.2k-16.el7_6.1.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-static-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-static-1.0.2k-16.el7_6.1.s390x.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.2k-16.el7_6.1.src.rpm\n\nx86_64:\nopenssl-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-static-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-static-1.0.2k-16.el7_6.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-5407\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXIj7zdzjgjWX9erEAQiieQ//TzEytTXxxzNqnsMz3yxbDgb1jni0dPYx\n6If80sSKu32kPgoTUgTcoJ27jUIpupYHJj3ml1zhF0zTqMAd2fYXkl2/0HSzbX6z\nw7FKXiRuzoA8JNG+bbqNjLhwsJBP4Avqfi/S9Z/s/0v93ep54Aqo9pmxfZYJuUMQ\nGncD2JcidZXLm1sky4PFl59D94szXdRkkzS3xxYcp37dyAUxwqOyzDPwbDA4q3CO\n4+TBL1hevmm5FSJjp/Bux70iEXubT+aGRM7Ab1Qex1h6rZjOfEgZabLOAJL9feGT\nmXPnML6DW96C4W9urZJZZcYJcZ34MfeH7TjaFKjfKeDIlb0fzdGuDqsrUXi95GjF\natGtjkXsu5n2Nh3QQNvTRs5N+0w1PSp5VMlrQbeizE0FQVH60z6EUUGlcKEQglof\nGs+pRtn7e9R/ncCNOrGAW0QbkmCGge3cg/kYlrJTt5dvQH1oSuG49ZqowG5It4vT\nkzIIDIhxrQrHE23eV7O1g48nV8/rPIZI6W2UuYs4sgQuWAtHx1gncWGXwiWRNtn1\n38Iqnd+UBpxwBgb+fYYwZ54SOpLXGeUa1pR+ZV2+ToEmGM1yHQ+DMVKhRlAojKYa\nqwSvm7HPdu7ceUkW3HTOwU8llXOGmXJ0UIr+reqIJBemRg/24NeHZ20a9qMeybEX\nt5ytPgxAFC4=jvvo\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.1.0j-1~deb9u1. \n\nFor the detailed security status of openssl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openssl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlwBuAcACgkQEMKTtsN8\nTjZbBw/+MOB5+pZbCHHXyH3IeD+yj+tSPvmNc3SCwdEtUxGXr0ZX7TKHfaLs/8s6\nUdto0K8a1FvjrcUQCfhnFpNcSAv9pxX13Fr6Pd560miIfAu9/5jAqiCufCoiz+xj\n45LNJGlaxxaFjgBGCitZSJA0Fc4SM6v5XFyJfR3kChdQ/3kGQbbMNAp16Fy3ZsxJ\nVXwviomUxmmmdvjxyhifTIpuwr9OiJSQ+13etQjTDQ3pzSbLBPSOxmpV0vPIC7I2\nDwa4zuQXA/DF4G6l8T4rXCwCN4e4pwbTc8bbCjXeZK+iVAhnRD6wXlS3cc5IVAzx\n/qTa89LZU8B6ylcB6nodeAHLuZTC3Le8ndoxYz5S2/jHZMM/jCQNHYJemHWNbOqn\nq+e5W0D1fIVLiLoL/iHW5XhN6yJY2Ma7zjXMRBnkzJA9CTNIKgUjrSFz0Ud+wIM/\nu8QhNPwZ0hPd5IfSgIyWqmuQ5XzFYqAQvwT1gUJiK7tIvuT0VsSyKVaSZVbi4yrM\n9sxkZaP1UNLcTVCFw6A0KFwhb9z6kQtyH1MRkFPphmnb8jlHA3cTdPJkFUBi3VaT\n7izThm5/mVLbAjZ8X7nkqnzWzmc885j0ml3slDd/MOVWB5CD3vFAcI8k3VZr3A61\nP2gNSN6UbAbLMGsxgs3hYUHgazi7MdXJ/aNavjGSbYBNL780Iaw=3Qji\n-----END PGP SIGNATURE-----\n. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nTomcat Servlet container, JBoss HTTP Connector (mod_cluster), the\nPicketLink Vault extension for Apache Tomcat, and the Tomcat Native\nlibrary. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. 7) - noarch\n\n3. Description:\n\nOVMF (Open Virtual Machine Firmware) is a project to enable UEFI support\nfor Virtual Machines. This package contains a sample 64-bit UEFI firmware\nfor QEMU and KVM. \n\nSecurity Fix(es):\n\n* edk2: Privilege escalation via processing of malformed files in\nTianoCompress.c (CVE-2017-5731)\n\n* edk2: Privilege escalation via processing of malformed files in\nBaseUefiDecompressLib.c (CVE-2017-5732)\n\n* edk2: Privilege escalation via heap-based buffer overflow in MakeTable()\nfunction (CVE-2017-5733)\n\n* edk2: Privilege escalation via stack-based buffer overflow in MakeTable()\nfunction (CVE-2017-5734)\n\n* edk2: Privilege escalation via heap-based buffer overflow in Decode()\nfunction (CVE-2017-5735)\n\n* edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege\nescalation by authenticated users (CVE-2018-3613)\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures\n(PortSmash) (CVE-2018-5407)\n\n* edk2: Stack buffer overflow with corrupted BMP (CVE-2018-12181)\n\n* edk2: buffer overflows in PartitionDxe and UdfDxe with long file names\nand invalid UDF media (CVE-2019-0160)\n\n* edk2: stack overflow in XHCI causing denial of service (CVE-2019-0161)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1641433 - CVE-2018-3613 edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users\n1641442 - CVE-2017-5731 edk2: Privilege escalation via processing of malformed files in TianoCompress.c\n1641446 - CVE-2017-5732 edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c\n1641450 - CVE-2017-5733 edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function\n1641458 - CVE-2017-5734 edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function\n1641465 - CVE-2017-5735 edk2: Privilege escalation via heap-based buffer overflow in Decode() function\n1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)\n1686783 - CVE-2018-12181 edk2: Stack buffer overflow with corrupted BMP\n1691640 - CVE-2019-0160 edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media\n1694065 - CVE-2019-0161 edk2: stack overflow in XHCI causing denial of service\n\n6. OpenSSL Security Advisory [12 November 2018]\n============================================\n\nMicroarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407)\n===================================================================================\n\nSeverity: Low\n\nOpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been shown\nto be vulnerable to a microarchitecture timing side channel attack. An attacker\nwith sufficient access to mount local timing attacks during ECDSA signature\ngeneration could recover the private key. \n\nThis issue does not impact OpenSSL 1.1.1 and is already fixed in the latest\nversion of OpenSSL 1.1.0 (1.1.0i). OpenSSL 1.0.2 is affected but due to the low\nseverity of this issue we are not creating a new release at this time. The 1.0.2\nmitigation for this issue can be found in commit b18162a7c. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0i. \n\nThis issue was reported to OpenSSL on 26th October 2018 by Alejandro Cabrera\nAldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and Nicola Tuveri. \n\nNote\n====\n\nOpenSSL 1.1.0 is currently only receiving security updates. Support for this\nversion will end on 11th September 2019. Users of this version should upgrade to\nOpenSSL 1.1.1. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20181112.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-5407"
      },
      {
        "db": "VULHUB",
        "id": "VHN-135438"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-5407"
      },
      {
        "db": "PACKETSTORM",
        "id": "150437"
      },
      {
        "db": "PACKETSTORM",
        "id": "152240"
      },
      {
        "db": "PACKETSTORM",
        "id": "155414"
      },
      {
        "db": "PACKETSTORM",
        "id": "155417"
      },
      {
        "db": "PACKETSTORM",
        "id": "152071"
      },
      {
        "db": "PACKETSTORM",
        "id": "150561"
      },
      {
        "db": "PACKETSTORM",
        "id": "155415"
      },
      {
        "db": "PACKETSTORM",
        "id": "153887"
      },
      {
        "db": "PACKETSTORM",
        "id": "152241"
      },
      {
        "db": "PACKETSTORM",
        "id": "169678"
      }
    ],
    "trust": 1.98
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-135438",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=45785",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-135438"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-5407"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-5407",
        "trust": 2.2
      },
      {
        "db": "TENABLE",
        "id": "TNS-2018-17",
        "trust": 1.2
      },
      {
        "db": "TENABLE",
        "id": "TNS-2018-16",
        "trust": 1.2
      },
      {
        "db": "BID",
        "id": "105897",
        "trust": 1.2
      },
      {
        "db": "EXPLOIT-DB",
        "id": "45785",
        "trust": 1.2
      },
      {
        "db": "PACKETSTORM",
        "id": "152241",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "152240",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "152071",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "155415",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "152084",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "150138",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "155413",
        "trust": 0.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-279",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-135438",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-5407",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "150437",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "155414",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "155417",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "150561",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "153887",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169678",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-135438"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-5407"
      },
      {
        "db": "PACKETSTORM",
        "id": "150437"
      },
      {
        "db": "PACKETSTORM",
        "id": "152240"
      },
      {
        "db": "PACKETSTORM",
        "id": "155414"
      },
      {
        "db": "PACKETSTORM",
        "id": "155417"
      },
      {
        "db": "PACKETSTORM",
        "id": "152071"
      },
      {
        "db": "PACKETSTORM",
        "id": "150561"
      },
      {
        "db": "PACKETSTORM",
        "id": "155415"
      },
      {
        "db": "PACKETSTORM",
        "id": "153887"
      },
      {
        "db": "PACKETSTORM",
        "id": "152241"
      },
      {
        "db": "PACKETSTORM",
        "id": "169678"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5407"
      }
    ]
  },
  "id": "VAR-201811-0912",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-135438"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T20:03:27.882000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Red Hat: Moderate: openssl security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20190483 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat Ansible Tower 3.4.3",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20190651 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Web Server 5.2 security release",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193931 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat JBoss Web Server 5.2 security release",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193929 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat Ansible Tower 3.3.5",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20190652 - security advisory"
      },
      {
        "title": "Ubuntu Security Notice: openssl, openssl1.0 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3840-1"
      },
      {
        "title": "Red Hat: CVE-2018-5407",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-5407"
      },
      {
        "title": "HP: HPSBHF03597 rev. 3 - PortSmash Side-Channel Vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=hpsbhf03597"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2018-5407"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201812-7] lib32-openssl-1.0: private key recovery",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201812-7"
      },
      {
        "title": "Red Hat: Moderate: ovmf security and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192125 - security advisory"
      },
      {
        "title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBHF03597 rev. 3 - PortSmash Side-Channel Vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=ffa91dec4581eb47b3539880d466865f"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2019-1188",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2019-1188"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201812-8] openssl-1.0: private key recovery",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201812-8"
      },
      {
        "title": "Debian Security Advisories: DSA-4355-1 openssl1.0 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=7cc6b04edacd67d6e5bf27bd36f54217"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2019-1188",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1188"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193935 - security advisory"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM QRadar Network Security is affected by a an openssl vulnerability (CVE-2018-5407)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=002162619f80b70121c9a8d365823283"
      },
      {
        "title": "IBM: IBM Security Bulletin: OpenSSL as used in IBM QRadar SIEM is vulnerable to a information disclosure (CVE-2018-5407)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8aafdc7a03aa0793602eaa5ae3724cec"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193932 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193933 - security advisory"
      },
      {
        "title": "Debian Security Advisories: DSA-4348-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=322bd50b7b929759e38c99b73122a852"
      },
      {
        "title": "IBM: IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=78c4a4229b60aec60d80d95cb29a4147"
      },
      {
        "title": "IBM: IBM Security Bulletin: A vulnerability in OpenSSL affects PowerKVM",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e1dbc019531cd5742827de595730d1b0"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to OpenSSL vulnerability CVE-2018-5407",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e2e9722c1fb1c14c9f54120082381491"
      },
      {
        "title": "IBM: IBM Security Bulletin: A security vulnerability has been identified in OpenSSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2018-5407)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=49fff94fe759cd40f1f516a339f15743"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities in OpenSSL Affect IBM Sterling B2B Integrator (CVE-2018-0734, CVE-2018-5407)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e4ca493bfda92c5355c98328872a84e5"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearQuest (CVE-2018-0734, CVE-2018-5407)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c36f1dd66164e22918d817553be91620"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Sterling Connect:Express for UNIX (CVE-2018-0734 and CVE-2018-5407)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=fda6d001f041b9b0a29d906059d798b4"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM DataPower Gateway is affected by vulnerabilities in OpenSSL",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c7313d7a6ba5364a603c214269588feb"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearCase (CVE-2018-0734, CVE-2018-5407)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=ddeebd7237369bd2318e4087834121a5"
      },
      {
        "title": "IBM: IBM Security Bulletin: Security vulnerabilities identified in OpenSSL affect Rational Build Forge (CVE-2018-0734, CVE-2018-5407 and CVE-2019-1559)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e59d7f075c856823d6f7370dea35e662"
      },
      {
        "title": "Tenable Security Advisories: [R1] Nessus 8.1.1 Fixes Multiple Third-party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2018-16"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM Event Streams is affected by OpenSSL vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=efdce9b94f89918f3f2b2dfc69780ccd"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM InfoSphere Master Data Management Standard and Advanced Editions are affected by vulnerabilities in OpenSSL (CVE-2018-0735, CVE-2018-0734, CVE-2018-5407)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c829d56f5888779e791387897875c4b4"
      },
      {
        "title": "Tenable Security Advisories: [R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2018-17"
      },
      {
        "title": "IBM: IBM Security Bulletin: BigFix Platform 9.2.x affected by multiple vulnerabilities (CVE-2017-1231, CVE-2018-5407, CVE-2012-5883, CVE-2012-6708, CVE-2015-9251)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3101664cb57ad9d937108c187df59ecf"
      },
      {
        "title": "IBM: IBM Security Bulletin: BigFix Platform 9.5.x affected by multiple vulnerabilities (CVE-2019-4013, CVE-2018-5407, CVE-2012-5883, CVE-2012-6708, CVE-2015-9251)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=7dde8d528837d3c0eae28428fd6e703d"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM\u00ae Cloud Private \u2013 Node.js",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=2e571e7bc5566212c3e69e37ecfa5ad4"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=2bd72b857f21f300d83d07a791be44cf"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management V2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=dce787e9d669a768893a91801bf5eea4"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM\u00ae SDK for Node.js\u2122 in IBM Cloud",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=26f585287da19915b94b6cae2d1b864f"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been addressed in IBM Security Access Manager Appliance",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=800337bc69aa7ad92ac88a2adcc7d426"
      },
      {
        "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM\u00ae Cloud Private \u2013 fluentd",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=60de0933c28b353f38df30120aa2a908"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2019",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b"
      },
      {
        "title": "IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches \u2013 Releases 1801-w and 1801-y",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=bf3f2299a8658b7cd3984c40e7060666"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2019",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=aea3fcafd82c179d3a5dfa015e920864"
      },
      {
        "title": "IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches \u2013 Release 1801-v",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=413b5f9466c1ebf3ab090a45e189b43e"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal\u2019s dependencies \u2013 Cumulative list from June 28, 2018 to December 13, 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=43da2cd72c1e378d8d94ecec029fcc61"
      },
      {
        "title": "portsmash",
        "trust": 0.1,
        "url": "https://github.com/bbbrumley/portsmash "
      },
      {
        "title": "vyger",
        "trust": 0.1,
        "url": "https://github.com/mrodden/vyger "
      },
      {
        "title": "Firmware-Security",
        "trust": 0.1,
        "url": "https://github.com/virusbeee/firmware-security "
      },
      {
        "title": "Hardware-and-Firmware-Security-Guidance",
        "trust": 0.1,
        "url": "https://github.com/nsacyber/hardware-and-firmware-security-guidance "
      },
      {
        "title": "hardware-attacks-state-of-the-art",
        "trust": 0.1,
        "url": "https://github.com/codexlynx/hardware-attacks-state-of-the-art "
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/portsmash-side-channel-attack-siphons-data-from-intel-other-cpus/138777/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-5407"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-203",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-135438"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5407"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.3,
        "url": "http://www.securityfocus.com/bid/105897"
      },
      {
        "trust": 1.3,
        "url": "https://www.exploit-db.com/exploits/45785/"
      },
      {
        "trust": 1.3,
        "url": "https://github.com/bbbrumley/portsmash"
      },
      {
        "trust": 1.3,
        "url": "https://access.redhat.com/errata/rhsa-2019:0483"
      },
      {
        "trust": 1.3,
        "url": "https://access.redhat.com/errata/rhsa-2019:0651"
      },
      {
        "trust": 1.3,
        "url": "https://access.redhat.com/errata/rhsa-2019:0652"
      },
      {
        "trust": 1.3,
        "url": "https://access.redhat.com/errata/rhsa-2019:2125"
      },
      {
        "trust": 1.3,
        "url": "https://access.redhat.com/errata/rhsa-2019:3929"
      },
      {
        "trust": 1.3,
        "url": "https://access.redhat.com/errata/rhsa-2019:3932"
      },
      {
        "trust": 1.3,
        "url": "https://access.redhat.com/errata/rhsa-2019:3935"
      },
      {
        "trust": 1.3,
        "url": "https://usn.ubuntu.com/3840-1/"
      },
      {
        "trust": 1.2,
        "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
      },
      {
        "trust": 1.2,
        "url": "https://security.netapp.com/advisory/ntap-20181126-0001/"
      },
      {
        "trust": 1.2,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
      },
      {
        "trust": 1.2,
        "url": "https://www.tenable.com/security/tns-2018-16"
      },
      {
        "trust": 1.2,
        "url": "https://www.tenable.com/security/tns-2018-17"
      },
      {
        "trust": 1.2,
        "url": "https://www.debian.org/security/2018/dsa-4348"
      },
      {
        "trust": 1.2,
        "url": "https://www.debian.org/security/2018/dsa-4355"
      },
      {
        "trust": 1.2,
        "url": "https://security.gentoo.org/glsa/201903-10"
      },
      {
        "trust": 1.2,
        "url": "https://eprint.iacr.org/2018/1060.pdf"
      },
      {
        "trust": 1.2,
        "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
      },
      {
        "trust": 1.2,
        "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
      },
      {
        "trust": 1.2,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
      },
      {
        "trust": 1.2,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
      },
      {
        "trust": 1.2,
        "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
      },
      {
        "trust": 1.2,
        "url": "https://access.redhat.com/errata/rhsa-2019:3931"
      },
      {
        "trust": 1.2,
        "url": "https://access.redhat.com/errata/rhsa-2019:3933"
      },
      {
        "trust": 1.1,
        "url": "https://support.f5.com/csp/article/k49711130?utm_source=f5support\u0026amp%3butm_medium=rss"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5407"
      },
      {
        "trust": 0.7,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2018-5407"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.5,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0734"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0737"
      },
      {
        "trust": 0.2,
        "url": "https://docs.ansible.com/ansible-tower/latest/html/release-notes/index.html"
      },
      {
        "trust": 0.2,
        "url": "https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-9511"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0197"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17199"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17189"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-9517"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-0737"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-17199"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-9516"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-9513"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-0217"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0217"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-0197"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-17189"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-0196"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0196"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2018-0734"
      },
      {
        "trust": 0.1,
        "url": "https://support.f5.com/csp/article/k49711130?utm_source=f5support\u0026amp;amp;utm_medium=rss"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/203.html"
      },
      {
        "trust": 0.1,
        "url": "https://threatpost.com/portsmash-side-channel-attack-siphons-data-from-intel-other-cpus/138777/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=59118"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0734"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5407"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3835"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0732"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/openssl"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0735"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-10072"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0221"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10072"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-1559"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/5.2/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0221"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1559"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5731"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3613"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5735"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0160"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12181"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-5734"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-12181"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0161"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-5731"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-5733"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5732"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5734"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0160"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-5732"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-5735"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5733"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-3613"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0161"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20181112.txt"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-135438"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-5407"
      },
      {
        "db": "PACKETSTORM",
        "id": "150437"
      },
      {
        "db": "PACKETSTORM",
        "id": "152240"
      },
      {
        "db": "PACKETSTORM",
        "id": "155414"
      },
      {
        "db": "PACKETSTORM",
        "id": "155417"
      },
      {
        "db": "PACKETSTORM",
        "id": "152071"
      },
      {
        "db": "PACKETSTORM",
        "id": "150561"
      },
      {
        "db": "PACKETSTORM",
        "id": "155415"
      },
      {
        "db": "PACKETSTORM",
        "id": "153887"
      },
      {
        "db": "PACKETSTORM",
        "id": "152241"
      },
      {
        "db": "PACKETSTORM",
        "id": "169678"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5407"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-135438"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-5407"
      },
      {
        "db": "PACKETSTORM",
        "id": "150437"
      },
      {
        "db": "PACKETSTORM",
        "id": "152240"
      },
      {
        "db": "PACKETSTORM",
        "id": "155414"
      },
      {
        "db": "PACKETSTORM",
        "id": "155417"
      },
      {
        "db": "PACKETSTORM",
        "id": "152071"
      },
      {
        "db": "PACKETSTORM",
        "id": "150561"
      },
      {
        "db": "PACKETSTORM",
        "id": "155415"
      },
      {
        "db": "PACKETSTORM",
        "id": "153887"
      },
      {
        "db": "PACKETSTORM",
        "id": "152241"
      },
      {
        "db": "PACKETSTORM",
        "id": "169678"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5407"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-11-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-135438"
      },
      {
        "date": "2018-11-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-5407"
      },
      {
        "date": "2018-11-22T23:23:23",
        "db": "PACKETSTORM",
        "id": "150437"
      },
      {
        "date": "2019-03-27T00:33:09",
        "db": "PACKETSTORM",
        "id": "152240"
      },
      {
        "date": "2019-11-20T23:02:22",
        "db": "PACKETSTORM",
        "id": "155414"
      },
      {
        "date": "2019-11-20T21:11:11",
        "db": "PACKETSTORM",
        "id": "155417"
      },
      {
        "date": "2019-03-13T14:25:37",
        "db": "PACKETSTORM",
        "id": "152071"
      },
      {
        "date": "2018-12-03T21:06:37",
        "db": "PACKETSTORM",
        "id": "150561"
      },
      {
        "date": "2019-11-20T20:44:44",
        "db": "PACKETSTORM",
        "id": "155415"
      },
      {
        "date": "2019-08-06T20:47:00",
        "db": "PACKETSTORM",
        "id": "153887"
      },
      {
        "date": "2019-03-27T00:35:38",
        "db": "PACKETSTORM",
        "id": "152241"
      },
      {
        "date": "2018-11-12T12:12:12",
        "db": "PACKETSTORM",
        "id": "169678"
      },
      {
        "date": "2018-11-15T21:29:00.233000",
        "db": "NVD",
        "id": "CVE-2018-5407"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-09-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-135438"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-5407"
      },
      {
        "date": "2023-11-07T02:58:42.920000",
        "db": "NVD",
        "id": "CVE-2018-5407"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "150561"
      },
      {
        "db": "PACKETSTORM",
        "id": "169678"
      }
    ],
    "trust": 0.2
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Slackware Security Advisory - openssl Updates",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "150437"
      }
    ],
    "trust": 0.1
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "155415"
      }
    ],
    "trust": 0.1
  }
}

Action not permitted

Vulnerability from cvelistv5

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_certbund

Vulnerability from csaf_certbund

Vulnerability from gsd

Vulnerability from github

Vulnerability from variot

upgradepkg openssl-1.0.2q-i586-1_slack14.2.txz openssl-solibs-1.0.2q-i586-1_slack14.2.txz

6. OpenSSL Security Advisory [12 November 2018]

Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407)

Note

References

Tags