rhsa-2013_1011
Vulnerability from csaf_redhat
Published: 2013-07-03 15:38
Modified: 2024-11-22 06:41
Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 2.0.1 update
Notes
Topic
Red Hat JBoss Web Server 2.0.1, which fixes multiple security issues and
several bugs, is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat JBoss Web Server is a fully integrated and certified set of
components for hosting Java web applications. It is comprised of the Apache
HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector
(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat
Native library.

This release serves as a replacement for Red Hat JBoss Web Server 2.0.0,
and includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.0.1
Release Notes for information on the most significant of these changes,
available shortly from https://access.redhat.com/site/documentation/

The following security issues are also fixed with this release:

Cross-site scripting (XSS) flaws were found in the Apache HTTP Server
mod_proxy_balancer module's manager web interface. If a remote attacker
could trick a user, who was logged into the manager web interface, into
visiting a specially-crafted URL, it would lead to arbitrary web script
execution in the context of the user's manager interface session.
(CVE-2012-4558)

Cross-site scripting (XSS) flaws were found in the Apache HTTP Server
mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An
attacker could possibly use these flaws to perform XSS attacks if they were
able to make the victim's browser generate an HTTP request with a
specially-crafted Host header. (CVE-2012-3499)

A session fixation flaw was found in the Tomcat FormAuthenticator module.
During a narrow window of time, if a remote attacker sent requests while a
user was logging in, it could possibly result in the attacker's requests
being processed as if they were sent by the user. (CVE-2013-2067)

A denial of service flaw was found in the way the Tomcat chunked transfer
encoding input filter processed CRLF sequences. A remote attacker could
use this flaw to send an excessively long request, consuming network
bandwidth, CPU, and memory on the Tomcat server. Chunked transfer encoding
is enabled by default. (CVE-2012-3544)

A flaw was found in the way the Tomcat 7 asynchronous context
implementation performed request management in certain circumstances. If an
application used AsyncListeners and threw RuntimeExceptions, Tomcat could
send a reply that contains information from a different user's request,
possibly leading to the disclosure of sensitive information. This issue
only affected Tomcat 7. (CVE-2013-2071)

Note: Do not install Red Hat JBoss Web Server 2 on a host which has Red Hat
JBoss Web Server 1 installed.

Warning: Before applying the update, back up your existing Red Hat JBoss
Web Server installation (including all applications and configuration
files).

All users of Red Hat JBoss Web Server 2.0.0 on Red Hat Enterprise Linux 5
are advised to upgrade to Red Hat JBoss Web Server 2.0.1. The JBoss server
process must be restarted for this update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
"dom4j-0:1.6.1-19.redhat_5.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src" }, "product_reference": "dom4j-0:1.6.1-19.redhat_5.ep6.el5.src", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch" }, "product_reference": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src" }, "product_reference": "ecj3-1:3.7.2-6.redhat_1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.22-23.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386" }, "product_reference": "httpd-0:2.2.22-23.ep6.el5.i386", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.22-23.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src" }, "product_reference": "httpd-0:2.2.22-23.ep6.el5.src", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.22-23.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64" }, 
"product_reference": "httpd-0:2.2.22-23.ep6.el5.x86_64", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.22-23.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386" }, "product_reference": "httpd-devel-0:2.2.22-23.ep6.el5.i386", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.22-23.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64" }, "product_reference": "httpd-devel-0:2.2.22-23.ep6.el5.x86_64", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.22-23.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386" }, "product_reference": "httpd-manual-0:2.2.22-23.ep6.el5.i386", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.22-23.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64" }, "product_reference": "httpd-manual-0:2.2.22-23.ep6.el5.x86_64", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.22-23.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386" }, "product_reference": "httpd-tools-0:2.2.22-23.ep6.el5.i386", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": 
"default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.22-23.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64" }, "product_reference": "httpd-tools-0:2.2.22-23.ep6.el5.x86_64", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch" }, "product_reference": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src" }, "product_reference": "mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch" }, "product_reference": "mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386" }, "product_reference": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386", 
"relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src" }, "product_reference": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64" }, "product_reference": "mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch" }, "product_reference": "mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch" }, "product_reference": "mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": 
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src" }, "product_reference": "mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386" }, "product_reference": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64" }, "product_reference": "mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386" }, "product_reference": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64" }, "product_reference": "mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.22-23.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": 
"5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386" }, "product_reference": "mod_ssl-1:2.2.22-23.ep6.el5.i386", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.22-23.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64" }, "product_reference": "mod_ssl-1:2.2.22-23.ep6.el5.x86_64", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386" }, "product_reference": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src" }, "product_reference": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64" }, "product_reference": "tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch" }, 
"product_reference": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src" }, "product_reference": "tomcat6-0:6.0.37-8_patch_01.ep6.el5.src", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch" }, "product_reference": "tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch" }, "product_reference": "tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch" }, "product_reference": "tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": 
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch" }, "product_reference": "tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch" }, "product_reference": "tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch" }, "product_reference": "tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch" }, "product_reference": "tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch" }, "product_reference": "tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch as a component 
of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch" }, "product_reference": "tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch" }, "product_reference": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src" }, "product_reference": "tomcat7-0:7.0.40-9_patch_01.ep6.el5.src", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch" }, "product_reference": "tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch" }, "product_reference": "tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": 
"tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch" }, "product_reference": "tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch" }, "product_reference": "tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch" }, "product_reference": "tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch" }, "product_reference": "tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch" }, "product_reference": "tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-2" }, { 
"category": "default_component_of", "full_product_name": { "name": "tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch" }, "product_reference": "tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch" }, "product_reference": "tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-2" } ] }, "vulnerabilities": [ { "cve": "CVE-2012-3499", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2013-02-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "915883" } ], "notes": [ { "category": "description", "text": "Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: multiple XSS flaws due to unescaped hostnames", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ 
"5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch", "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src", "5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch", "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch", "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src", "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", 
"5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src", "5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src", "5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch", 
"5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-3499" }, { "category": "external", "summary": "RHBZ#915883", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=915883" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-3499", "url": "https://www.cve.org/CVERecord?id=CVE-2012-3499" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3499", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3499" } ], "release_date": "2013-02-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-07-03T15:38:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch", "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src", "5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch", "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch", "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src", "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64", 
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src", "5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src", "5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch", 
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1011" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch", "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src", "5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch", "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch", "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src", "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386", 
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src", "5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch", 
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src", "5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: multiple XSS flaws due to unescaped hostnames" }, { "cve": "CVE-2012-3544", "discovery_date": "2013-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "961783" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Limited DoS in chunked transfer encoding input filter", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw affects Apache Tomcat 6.0.30 - 6.0.36 and 7.0.0 - 7.0.29. 
It does not affect JBoss Web.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch", "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src", "5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch", "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch", "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src", "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", 
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src", "5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src", "5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch", 
"5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-3544" }, { "category": "external", "summary": "RHBZ#961783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=961783" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-3544", "url": "https://www.cve.org/CVERecord?id=CVE-2012-3544" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3544", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3544" } ], "release_date": "2013-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-07-03T15:38:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch", "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src", "5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch", "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch", "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src", "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64", 
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src", "5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src", "5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch", 
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1011" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch", "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src", "5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch", "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch", "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src", "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386", 
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src", "5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch", 
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src", "5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat: Limited DoS in chunked transfer encoding input filter" }, { "cve": "CVE-2012-4558", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2013-02-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "915884" } ], "notes": [ { "category": "description", "text": "Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: XSS flaw in mod_proxy_balancer manager interface", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS 
score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch", "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src", "5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch", "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch", "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src", "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386", 
"5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src", "5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src", "5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch", 
"5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-4558" }, { "category": "external", "summary": "RHBZ#915884", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=915884" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-4558", "url": "https://www.cve.org/CVERecord?id=CVE-2012-4558" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4558", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4558" } ], "release_date": "2013-02-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-07-03T15:38:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch", "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src", "5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch", "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch", "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src", "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64", 
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src", "5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src", "5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch", 
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1011" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch", "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src", "5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch", "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch", "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src", "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386", 
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src", "5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch", 
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src", "5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: XSS flaw in mod_proxy_balancer manager interface" }, { "cve": "CVE-2013-2067", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2013-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "961779" } ], "notes": [ { "category": "description", "text": "java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Session fixation in form authenticator", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw 
allows an attacker to circumvent a session fixation prevention mechanism which was implemented in tomcat 5.5.x \u003e= 5.5.29, 6.0.x \u003e= 6.0.21 and 7.x. Earlier versions of tomcat do not include this mechanism, and are therefore not affected by this flaw. JBoss Web as included in JBoss 5.x products also does not include this mechanism, and is not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch", "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src", "5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch", "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch", "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src", "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64", 
"5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src", "5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch", 
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src", "5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2067" }, { "category": "external", "summary": "RHBZ#961779", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=961779" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2067", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2067" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2067", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2067" } ], "release_date": "2013-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-07-03T15:38:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch", "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src", "5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch", "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch", "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src", "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64", 
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src", "5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src", "5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch", 
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1011" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch", "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src", "5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch", "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch", "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src", "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386", 
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src", "5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch", 
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src", "5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat: Session fixation in form authenticator" }, { "cve": "CVE-2013-2071", "discovery_date": "2013-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "961803" } ], "notes": [ { "category": "description", "text": "java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Information disclosure in asynchronous context when using AsyncListeners that threw RuntimeExceptions", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects tomcat 7. 
Tomcat 5 and 6 are not affected. The jbossweb servlet container is also not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch", "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src", "5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch", "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch", "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src", "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src", 
"5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src", "5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src", 
"5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2071" }, { "category": "external", "summary": "RHBZ#961803", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=961803" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2071", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2071" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2071", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2071" } ], "release_date": "2013-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-07-03T15:38:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch", "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src", "5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch", "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch", "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src", "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64", 
"5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src", "5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src", "5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch", 
"5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:1011" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5.src", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.src", "5Server-JBEWS-2:apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.noarch", "5Server-JBEWS-2:apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5.src", "5Server-JBEWS-2:apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el5.noarch", "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.noarch", "5Server-JBEWS-2:dom4j-0:1.6.1-19.redhat_5.ep6.el5.src", "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:ecj3-1:3.7.2-6.redhat_1.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-devel-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.i386", 
"5Server-JBEWS-2:httpd-manual-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:httpd-tools-0:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-demo-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_cluster-tomcat6-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_cluster-tomcat7-0:1.2.4-1.Final_redhat_1.ep6.el5.noarch", "5Server-JBEWS-2:mod_jk-0:1.2.37-2.redhat_1.ep6.el5.src", "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_jk-ap22-0:1.2.37-2.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:mod_jk-manual-0:1.2.37-2.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.i386", "5Server-JBEWS-2:mod_ssl-1:2.2.22-23.ep6.el5.x86_64", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.i386", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.src", "5Server-JBEWS-2:tomcat-native-0:1.1.27-4.redhat_1.ep6.el5.x86_64", "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-0:6.0.37-8_patch_01.ep6.el5.src", "5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-el-1.0-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-lib-0:6.0.37-8_patch_01.ep6.el5.noarch", 
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-8_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-0:7.0.40-9_patch_01.ep6.el5.src", "5Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-el-1.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-javadoc-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-lib-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-log4j-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.40-9_patch_01.ep6.el5.noarch", "5Server-JBEWS-2:tomcat7-webapps-0:7.0.40-9_patch_01.ep6.el5.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat: Information disclosure in asynchronous context when using AsyncListeners that threw RuntimeExceptions" } ] }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.