rhba-2016_0090
Vulnerability from csaf_redhat
Published
2016-01-29 15:11
Modified
2024-09-13 10:36
Summary
Red Hat Bug Fix Advisory: Red Hat JBoss Web Server 2.1.0 tomcat7 update
Notes
Topic
An update for the Apache Tomcat 7 component for Red Hat JBoss Web Server
2.1.0 is now available from the Red Hat Customer Portal for Red Hat Enterprise Linux 5 and 7
Details
Red Hat JBoss Web Server is a fully integrated and certified set of
components for hosting Java web applications. It is comprised of the Apache
HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector
(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat
Native library.
All users of Red Hat JBoss Web Server 2.1.0 as provided from the Red Hat
Customer Portal are advised to apply this update. The Red Hat JBoss Web
Server process must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the Apache Tomcat 7 component for Red Hat JBoss Web Server\n2.1.0 is now available from the Red Hat Customer Portal for Red Hat Enterprise Linux 5 and 7",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\nAll users of Red Hat JBoss Web Server 2.1.0 as provided from the Red Hat\nCustomer Portal are advised to apply this update. The Red Hat JBoss Web\nServer process must be restarted for the update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2016:0090",
"url": "https://access.redhat.com/errata/RHBA-2016:0090"
},
{
"category": "external",
"summary": "1297687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1297687"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2016/rhba-2016_0090.json"
}
],
"title": "Red Hat Bug Fix Advisory: Red Hat JBoss Web Server 2.1.0 tomcat7 update",
"tracking": {
"current_release_date": "2024-09-13T10:36:35+00:00",
"generator": {
"date": "2024-09-13T10:36:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHBA-2016:0090",
"initial_release_date": "2016-01-29T15:11:26+00:00",
"revision_history": [
{
"date": "2016-01-29T15:11:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-01-29T15:11:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-13T10:36:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product": {
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product": {
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el5"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat7-0:7.0.54-21_patch_05.ep6.el7.src",
"product": {
"name": "tomcat7-0:7.0.54-21_patch_05.ep6.el7.src",
"product_id": "tomcat7-0:7.0.54-21_patch_05.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.54-21_patch_05.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.54-21_patch_05.ep6.el6.src",
"product": {
"name": "tomcat7-0:7.0.54-21_patch_05.ep6.el6.src",
"product_id": "tomcat7-0:7.0.54-21_patch_05.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.54-21_patch_05.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.54-21_patch_05.ep6.el5.src",
"product": {
"name": "tomcat7-0:7.0.54-21_patch_05.ep6.el5.src",
"product_id": "tomcat7-0:7.0.54-21_patch_05.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.54-21_patch_05.ep6.el5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat7-maven-devel-0:7.0.54-21_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-maven-devel-0:7.0.54-21_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-maven-devel-0:7.0.54-21_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-maven-devel@7.0.54-21_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-el-2.2-api-0:7.0.54-21_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-el-2.2-api-0:7.0.54-21_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-el-2.2-api-0:7.0.54-21_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-el-2.2-api@7.0.54-21_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-docs-webapp-0:7.0.54-21_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-docs-webapp-0:7.0.54-21_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-docs-webapp-0:7.0.54-21_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-docs-webapp@7.0.54-21_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-lib-0:7.0.54-21_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-lib-0:7.0.54-21_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-lib-0:7.0.54-21_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-lib@7.0.54-21_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-jsp-2.2-api-0:7.0.54-21_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-jsp-2.2-api-0:7.0.54-21_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-jsp-2.2-api-0:7.0.54-21_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-jsp-2.2-api@7.0.54-21_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-servlet-3.0-api-0:7.0.54-21_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-servlet-3.0-api-0:7.0.54-21_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-servlet-3.0-api-0:7.0.54-21_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-servlet-3.0-api@7.0.54-21_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.54-21_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-0:7.0.54-21_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-0:7.0.54-21_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.54-21_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-log4j-0:7.0.54-21_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-log4j-0:7.0.54-21_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-log4j-0:7.0.54-21_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-log4j@7.0.54-21_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-admin-webapps-0:7.0.54-21_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-admin-webapps-0:7.0.54-21_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-admin-webapps-0:7.0.54-21_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-admin-webapps@7.0.54-21_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-webapps-0:7.0.54-21_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-webapps-0:7.0.54-21_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-webapps-0:7.0.54-21_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-webapps@7.0.54-21_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-javadoc-0:7.0.54-21_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-javadoc-0:7.0.54-21_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-javadoc-0:7.0.54-21_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-javadoc@7.0.54-21_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-jsp-2.2-api-0:7.0.54-21_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-jsp-2.2-api-0:7.0.54-21_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-jsp-2.2-api-0:7.0.54-21_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-jsp-2.2-api@7.0.54-21_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-lib-0:7.0.54-21_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-lib-0:7.0.54-21_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-lib-0:7.0.54-21_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-lib@7.0.54-21_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-el-2.2-api-0:7.0.54-21_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-el-2.2-api-0:7.0.54-21_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-el-2.2-api-0:7.0.54-21_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-el-2.2-api@7.0.54-21_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-log4j-0:7.0.54-21_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-log4j-0:7.0.54-21_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-log4j-0:7.0.54-21_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-log4j@7.0.54-21_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.54-21_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-0:7.0.54-21_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-0:7.0.54-21_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.54-21_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-admin-webapps-0:7.0.54-21_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-admin-webapps-0:7.0.54-21_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-admin-webapps-0:7.0.54-21_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-admin-webapps@7.0.54-21_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-webapps-0:7.0.54-21_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-webapps-0:7.0.54-21_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-webapps-0:7.0.54-21_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-webapps@7.0.54-21_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-docs-webapp-0:7.0.54-21_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-docs-webapp-0:7.0.54-21_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-docs-webapp-0:7.0.54-21_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-docs-webapp@7.0.54-21_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-javadoc-0:7.0.54-21_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-javadoc-0:7.0.54-21_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-javadoc-0:7.0.54-21_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-javadoc@7.0.54-21_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-servlet-3.0-api-0:7.0.54-21_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-servlet-3.0-api-0:7.0.54-21_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-servlet-3.0-api-0:7.0.54-21_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-servlet-3.0-api@7.0.54-21_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-maven-devel-0:7.0.54-21_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-maven-devel-0:7.0.54-21_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-maven-devel-0:7.0.54-21_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-maven-devel@7.0.54-21_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-lib-0:7.0.54-21_patch_05.ep6.el5.noarch",
"product": {
"name": "tomcat7-lib-0:7.0.54-21_patch_05.ep6.el5.noarch",
"product_id": "tomcat7-lib-0:7.0.54-21_patch_05.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-lib@7.0.54-21_patch_05.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.54-21_patch_05.ep6.el5.noarch",
"product": {
"name": "tomcat7-0:7.0.54-21_patch_05.ep6.el5.noarch",
"product_id": "tomcat7-0:7.0.54-21_patch_05.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.54-21_patch_05.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-el-2.2-api-0:7.0.54-21_patch_05.ep6.el5.noarch",
"product": {
"name": "tomcat7-el-2.2-api-0:7.0.54-21_patch_05.ep6.el5.noarch",
"product_id": "tomcat7-el-2.2-api-0:7.0.54-21_patch_05.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-el-2.2-api@7.0.54-21_patch_05.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-docs-webapp-0:7.0.54-21_patch_05.ep6.el5.noarch",
"product": {
"name": "tomcat7-docs-webapp-0:7.0.54-21_patch_05.ep6.el5.noarch",
"product_id": "tomcat7-docs-webapp-0:7.0.54-21_patch_05.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-docs-webapp@7.0.54-21_patch_05.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-servlet-3.0-api-0:7.0.54-21_patch_05.ep6.el5.noarch",
"product": {
"name": "tomcat7-servlet-3.0-api-0:7.0.54-21_patch_05.ep6.el5.noarch",
"product_id": "tomcat7-servlet-3.0-api-0:7.0.54-21_patch_05.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-servlet-3.0-api@7.0.54-21_patch_05.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-webapps-0:7.0.54-21_patch_05.ep6.el5.noarch",
"product": {
"name": "tomcat7-webapps-0:7.0.54-21_patch_05.ep6.el5.noarch",
"product_id": "tomcat7-webapps-0:7.0.54-21_patch_05.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-webapps@7.0.54-21_patch_05.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-maven-devel-0:7.0.54-21_patch_05.ep6.el5.noarch",
"product": {
"name": "tomcat7-maven-devel-0:7.0.54-21_patch_05.ep6.el5.noarch",
"product_id": "tomcat7-maven-devel-0:7.0.54-21_patch_05.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-maven-devel@7.0.54-21_patch_05.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-admin-webapps-0:7.0.54-21_patch_05.ep6.el5.noarch",
"product": {
"name": "tomcat7-admin-webapps-0:7.0.54-21_patch_05.ep6.el5.noarch",
"product_id": "tomcat7-admin-webapps-0:7.0.54-21_patch_05.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-admin-webapps@7.0.54-21_patch_05.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-log4j-0:7.0.54-21_patch_05.ep6.el5.noarch",
"product": {
"name": "tomcat7-log4j-0:7.0.54-21_patch_05.ep6.el5.noarch",
"product_id": "tomcat7-log4j-0:7.0.54-21_patch_05.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-log4j@7.0.54-21_patch_05.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-javadoc-0:7.0.54-21_patch_05.ep6.el5.noarch",
"product": {
"name": "tomcat7-javadoc-0:7.0.54-21_patch_05.ep6.el5.noarch",
"product_id": "tomcat7-javadoc-0:7.0.54-21_patch_05.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-javadoc@7.0.54-21_patch_05.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-jsp-2.2-api-0:7.0.54-21_patch_05.ep6.el5.noarch",
"product": {
"name": "tomcat7-jsp-2.2-api-0:7.0.54-21_patch_05.ep6.el5.noarch",
"product_id": "tomcat7-jsp-2.2-api-0:7.0.54-21_patch_05.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-jsp-2.2-api@7.0.54-21_patch_05.ep6.el5?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.54-21_patch_05.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-0:7.0.54-21_patch_05.ep6.el5.noarch"
},
"product_reference": "tomcat7-0:7.0.54-21_patch_05.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.54-21_patch_05.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-0:7.0.54-21_patch_05.ep6.el5.src"
},
"product_reference": "tomcat7-0:7.0.54-21_patch_05.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-admin-webapps-0:7.0.54-21_patch_05.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-21_patch_05.ep6.el5.noarch"
},
"product_reference": "tomcat7-admin-webapps-0:7.0.54-21_patch_05.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-docs-webapp-0:7.0.54-21_patch_05.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-21_patch_05.ep6.el5.noarch"
},
"product_reference": "tomcat7-docs-webapp-0:7.0.54-21_patch_05.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-el-2.2-api-0:7.0.54-21_patch_05.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-21_patch_05.ep6.el5.noarch"
},
"product_reference": "tomcat7-el-2.2-api-0:7.0.54-21_patch_05.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-javadoc-0:7.0.54-21_patch_05.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-21_patch_05.ep6.el5.noarch"
},
"product_reference": "tomcat7-javadoc-0:7.0.54-21_patch_05.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-jsp-2.2-api-0:7.0.54-21_patch_05.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-21_patch_05.ep6.el5.noarch"
},
"product_reference": "tomcat7-jsp-2.2-api-0:7.0.54-21_patch_05.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-lib-0:7.0.54-21_patch_05.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-lib-0:7.0.54-21_patch_05.ep6.el5.noarch"
},
"product_reference": "tomcat7-lib-0:7.0.54-21_patch_05.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-log4j-0:7.0.54-21_patch_05.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-log4j-0:7.0.54-21_patch_05.ep6.el5.noarch"
},
"product_reference": "tomcat7-log4j-0:7.0.54-21_patch_05.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-maven-devel-0:7.0.54-21_patch_05.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-21_patch_05.ep6.el5.noarch"
},
"product_reference": "tomcat7-maven-devel-0:7.0.54-21_patch_05.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-servlet-3.0-api-0:7.0.54-21_patch_05.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-21_patch_05.ep6.el5.noarch"
},
"product_reference": "tomcat7-servlet-3.0-api-0:7.0.54-21_patch_05.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-webapps-0:7.0.54-21_patch_05.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat7-webapps-0:7.0.54-21_patch_05.ep6.el5.noarch"
},
"product_reference": "tomcat7-webapps-0:7.0.54-21_patch_05.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.54-21_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-0:7.0.54-21_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-0:7.0.54-21_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.54-21_patch_05.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-0:7.0.54-21_patch_05.ep6.el6.src"
},
"product_reference": "tomcat7-0:7.0.54-21_patch_05.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-admin-webapps-0:7.0.54-21_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-21_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-admin-webapps-0:7.0.54-21_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-docs-webapp-0:7.0.54-21_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-21_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-docs-webapp-0:7.0.54-21_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-el-2.2-api-0:7.0.54-21_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-21_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-el-2.2-api-0:7.0.54-21_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-javadoc-0:7.0.54-21_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-21_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-javadoc-0:7.0.54-21_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-jsp-2.2-api-0:7.0.54-21_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-21_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-jsp-2.2-api-0:7.0.54-21_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-lib-0:7.0.54-21_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-lib-0:7.0.54-21_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-lib-0:7.0.54-21_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-log4j-0:7.0.54-21_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-21_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-log4j-0:7.0.54-21_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-maven-devel-0:7.0.54-21_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-21_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-maven-devel-0:7.0.54-21_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-servlet-3.0-api-0:7.0.54-21_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-21_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-servlet-3.0-api-0:7.0.54-21_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-webapps-0:7.0.54-21_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-21_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-webapps-0:7.0.54-21_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.54-21_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-0:7.0.54-21_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-0:7.0.54-21_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.54-21_patch_05.ep6.el7.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-0:7.0.54-21_patch_05.ep6.el7.src"
},
"product_reference": "tomcat7-0:7.0.54-21_patch_05.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-admin-webapps-0:7.0.54-21_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-21_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-admin-webapps-0:7.0.54-21_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-docs-webapp-0:7.0.54-21_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-21_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-docs-webapp-0:7.0.54-21_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-el-2.2-api-0:7.0.54-21_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-21_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-el-2.2-api-0:7.0.54-21_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-javadoc-0:7.0.54-21_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-21_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-javadoc-0:7.0.54-21_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-jsp-2.2-api-0:7.0.54-21_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-21_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-jsp-2.2-api-0:7.0.54-21_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-lib-0:7.0.54-21_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-lib-0:7.0.54-21_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-lib-0:7.0.54-21_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-log4j-0:7.0.54-21_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-21_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-log4j-0:7.0.54-21_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-maven-devel-0:7.0.54-21_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-21_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-maven-devel-0:7.0.54-21_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-servlet-3.0-api-0:7.0.54-21_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-21_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-servlet-3.0-api-0:7.0.54-21_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-webapps-0:7.0.54-21_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-21_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-webapps-0:7.0.54-21_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-5174",
"discovery_date": "2015-08-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1265698"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal flaw was found in Tomcat\u0027s RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a \u0027/..\u0027 in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: URL Normalization issue",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEWS-2:tomcat7-0:7.0.54-21_patch_05.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.54-21_patch_05.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-21_patch_05.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-21_patch_05.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-21_patch_05.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-21_patch_05.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-21_patch_05.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.54-21_patch_05.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.54-21_patch_05.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-21_patch_05.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-21_patch_05.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.54-21_patch_05.ep6.el5.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-21_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-21_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-21_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-21_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-21_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-21_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-21_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-21_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-21_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-21_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-21_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-21_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-21_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-21_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-21_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-21_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-21_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-21_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-21_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-21_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-21_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-21_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-21_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-21_patch_05.ep6.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5174"
},
{
"category": "external",
"summary": "RHBZ#1265698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1265698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5174",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5174"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5174",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5174"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Feb/149",
"url": "http://seclists.org/bugtraq/2016/Feb/149"
}
],
"release_date": "2016-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-JBEWS-2:tomcat7-0:7.0.54-21_patch_05.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.54-21_patch_05.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-21_patch_05.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-21_patch_05.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-21_patch_05.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-21_patch_05.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-21_patch_05.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.54-21_patch_05.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.54-21_patch_05.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-21_patch_05.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-21_patch_05.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.54-21_patch_05.ep6.el5.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-21_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-21_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-21_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-21_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-21_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-21_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-21_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-21_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-21_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-21_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-21_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-21_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-21_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-21_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-21_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-21_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-21_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-21_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-21_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-21_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-21_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-21_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-21_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-21_patch_05.ep6.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2016:0090"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"5Server-JBEWS-2:tomcat7-0:7.0.54-21_patch_05.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-0:7.0.54-21_patch_05.ep6.el5.src",
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-21_patch_05.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-21_patch_05.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-21_patch_05.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-21_patch_05.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-21_patch_05.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-lib-0:7.0.54-21_patch_05.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.54-21_patch_05.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-21_patch_05.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-21_patch_05.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat7-webapps-0:7.0.54-21_patch_05.ep6.el5.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-21_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-21_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-21_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-21_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-21_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-21_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-21_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-21_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-21_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-21_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-21_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-21_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-21_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-21_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-21_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-21_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-21_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-21_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-21_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-21_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-21_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-21_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-21_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-21_patch_05.ep6.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: URL Normalization issue"
}
]
}
Loading...