csaf_redhat - rhsa-2016

rhsa-2016_2599

Vulnerability from csaf_redhat

Published

2016-11-03 08:12

Modified

2024-12-15 18:44

Summary

Red Hat Security Advisory: tomcat security, bug fix, and enhancement update

Notes

Topic

An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. The following packages have been upgraded to a newer upstream version: tomcat (7.0.69). (BZ#1287928) Security Fix(es): * A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351) * It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714) * A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763) * A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092) * A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call. (CVE-2015-5174) * It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345) * It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706) Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         namespace: "https://access.redhat.com/security/updates/classification/",
         text: "Moderate",
      },
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      distribution: {
         text: "Copyright © Red Hat, Inc. All rights reserved.",
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "en",
      notes: [
         {
            category: "summary",
            text: "An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
            title: "Topic",
         },
         {
            category: "general",
            text: "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nThe following packages have been upgraded to a newer upstream version: tomcat (7.0.69). (BZ#1287928)\n\nSecurity Fix(es):\n\n* A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351)\n\n* It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)\n\n* A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763)\n\n* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)\n\n* A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call. (CVE-2015-5174)\n\n* It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.",
            title: "Details",
         },
         {
            category: "legal_disclaimer",
            text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
            title: "Terms of Use",
         },
      ],
      publisher: {
         category: "vendor",
         contact_details: "https://access.redhat.com/security/team/contact/",
         issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
         name: "Red Hat Product Security",
         namespace: "https://www.redhat.com",
      },
      references: [
         {
            category: "self",
            summary: "https://access.redhat.com/errata/RHSA-2016:2599",
            url: "https://access.redhat.com/errata/RHSA-2016:2599",
         },
         {
            category: "external",
            summary: "https://access.redhat.com/security/updates/classification/#moderate",
            url: "https://access.redhat.com/security/updates/classification/#moderate",
         },
         {
            category: "external",
            summary: "https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html",
            url: "https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html",
         },
         {
            category: "external",
            summary: "1133070",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1133070",
         },
         {
            category: "external",
            summary: "1201409",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1201409",
         },
         {
            category: "external",
            summary: "1208402",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1208402",
         },
         {
            category: "external",
            summary: "1221896",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1221896",
         },
         {
            category: "external",
            summary: "1229476",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1229476",
         },
         {
            category: "external",
            summary: "1240279",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1240279",
         },
         {
            category: "external",
            summary: "1265698",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1265698",
         },
         {
            category: "external",
            summary: "1277197",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1277197",
         },
         {
            category: "external",
            summary: "1287928",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1287928",
         },
         {
            category: "external",
            summary: "1311076",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311076",
         },
         {
            category: "external",
            summary: "1311082",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311082",
         },
         {
            category: "external",
            summary: "1311087",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311087",
         },
         {
            category: "external",
            summary: "1311089",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311089",
         },
         {
            category: "external",
            summary: "1311093",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311093",
         },
         {
            category: "external",
            summary: "1311622",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311622",
         },
         {
            category: "external",
            summary: "1320853",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1320853",
         },
         {
            category: "external",
            summary: "1327326",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1327326",
         },
         {
            category: "external",
            summary: "1347774",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1347774",
         },
         {
            category: "external",
            summary: "1347860",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1347860",
         },
         {
            category: "external",
            summary: "1349468",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1349468",
         },
         {
            category: "self",
            summary: "Canonical URL",
            url: "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2599.json",
         },
      ],
      title: "Red Hat Security Advisory: tomcat security, bug fix, and enhancement update",
      tracking: {
         current_release_date: "2024-12-15T18:44:43+00:00",
         generator: {
            date: "2024-12-15T18:44:43+00:00",
            engine: {
               name: "Red Hat SDEngine",
               version: "4.2.3",
            },
         },
         id: "RHSA-2016:2599",
         initial_release_date: "2016-11-03T08:12:12+00:00",
         revision_history: [
            {
               date: "2016-11-03T08:12:12+00:00",
               number: "1",
               summary: "Initial version",
            },
            {
               date: "2016-11-03T08:12:12+00:00",
               number: "2",
               summary: "Last updated version",
            },
            {
               date: "2024-12-15T18:44:43+00:00",
               number: "3",
               summary: "Last generated version",
            },
         ],
         status: "final",
         version: "3",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_name",
                        name: "Red Hat Enterprise Linux Client (v. 7)",
                        product: {
                           name: "Red Hat Enterprise Linux Client (v. 7)",
                           product_id: "7Client",
                           product_identification_helper: {
                              cpe: "cpe:/o:redhat:enterprise_linux:7::client",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Red Hat Enterprise Linux Client Optional (v. 7)",
                        product: {
                           name: "Red Hat Enterprise Linux Client Optional (v. 7)",
                           product_id: "7Client-optional",
                           product_identification_helper: {
                              cpe: "cpe:/o:redhat:enterprise_linux:7::client",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Red Hat Enterprise Linux ComputeNode (v. 7)",
                        product: {
                           name: "Red Hat Enterprise Linux ComputeNode (v. 7)",
                           product_id: "7ComputeNode",
                           product_identification_helper: {
                              cpe: "cpe:/o:redhat:enterprise_linux:7::computenode",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
                        product: {
                           name: "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
                           product_id: "7ComputeNode-optional",
                           product_identification_helper: {
                              cpe: "cpe:/o:redhat:enterprise_linux:7::computenode",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Red Hat Enterprise Linux Server (v. 7)",
                        product: {
                           name: "Red Hat Enterprise Linux Server (v. 7)",
                           product_id: "7Server",
                           product_identification_helper: {
                              cpe: "cpe:/o:redhat:enterprise_linux:7::server",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Red Hat Enterprise Linux Server Optional (v. 7)",
                        product: {
                           name: "Red Hat Enterprise Linux Server Optional (v. 7)",
                           product_id: "7Server-optional",
                           product_identification_helper: {
                              cpe: "cpe:/o:redhat:enterprise_linux:7::server",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Red Hat Enterprise Linux Workstation (v. 7)",
                        product: {
                           name: "Red Hat Enterprise Linux Workstation (v. 7)",
                           product_id: "7Workstation",
                           product_identification_helper: {
                              cpe: "cpe:/o:redhat:enterprise_linux:7::workstation",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Red Hat Enterprise Linux Workstation Optional (v. 7)",
                        product: {
                           name: "Red Hat Enterprise Linux Workstation Optional (v. 7)",
                           product_id: "7Workstation-optional",
                           product_identification_helper: {
                              cpe: "cpe:/o:redhat:enterprise_linux:7::workstation",
                           },
                        },
                     },
                  ],
                  category: "product_family",
                  name: "Red Hat Enterprise Linux",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "tomcat-webapps-0:7.0.69-10.el7.noarch",
                        product: {
                           name: "tomcat-webapps-0:7.0.69-10.el7.noarch",
                           product_id: "tomcat-webapps-0:7.0.69-10.el7.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat-webapps@7.0.69-10.el7?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                        product: {
                           name: "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                           product_id: "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat-jsp-2.2-api@7.0.69-10.el7?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat-0:7.0.69-10.el7.noarch",
                        product: {
                           name: "tomcat-0:7.0.69-10.el7.noarch",
                           product_id: "tomcat-0:7.0.69-10.el7.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat@7.0.69-10.el7?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                        product: {
                           name: "tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                           product_id: "tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat-admin-webapps@7.0.69-10.el7?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                        product: {
                           name: "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                           product_id: "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat-servlet-3.0-api@7.0.69-10.el7?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat-lib-0:7.0.69-10.el7.noarch",
                        product: {
                           name: "tomcat-lib-0:7.0.69-10.el7.noarch",
                           product_id: "tomcat-lib-0:7.0.69-10.el7.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat-lib@7.0.69-10.el7?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                        product: {
                           name: "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                           product_id: "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat-el-2.2-api@7.0.69-10.el7?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat-javadoc-0:7.0.69-10.el7.noarch",
                        product: {
                           name: "tomcat-javadoc-0:7.0.69-10.el7.noarch",
                           product_id: "tomcat-javadoc-0:7.0.69-10.el7.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat-javadoc@7.0.69-10.el7?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat-jsvc-0:7.0.69-10.el7.noarch",
                        product: {
                           name: "tomcat-jsvc-0:7.0.69-10.el7.noarch",
                           product_id: "tomcat-jsvc-0:7.0.69-10.el7.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat-jsvc@7.0.69-10.el7?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                        product: {
                           name: "tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                           product_id: "tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat-docs-webapp@7.0.69-10.el7?arch=noarch",
                           },
                        },
                     },
                  ],
                  category: "architecture",
                  name: "noarch",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "tomcat-0:7.0.69-10.el7.src",
                        product: {
                           name: "tomcat-0:7.0.69-10.el7.src",
                           product_id: "tomcat-0:7.0.69-10.el7.src",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat@7.0.69-10.el7?arch=src",
                           },
                        },
                     },
                  ],
                  category: "architecture",
                  name: "src",
               },
            ],
            category: "vendor",
            name: "Red Hat",
         },
      ],
      relationships: [
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
               product_id: "7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Client-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.69-10.el7.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
               product_id: "7Client-optional:tomcat-0:7.0.69-10.el7.src",
            },
            product_reference: "tomcat-0:7.0.69-10.el7.src",
            relates_to_product_reference: "7Client-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-admin-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
               product_id: "7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Client-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-docs-webapp-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
               product_id: "7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Client-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
               product_id: "7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Client-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-javadoc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
               product_id: "7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-javadoc-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Client-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
               product_id: "7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Client-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsvc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
               product_id: "7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-jsvc-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Client-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-lib-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
               product_id: "7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-lib-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Client-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
               product_id: "7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Client-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
               product_id: "7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-webapps-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Client-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
               product_id: "7Client:tomcat-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Client",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.69-10.el7.src as a component of Red Hat Enterprise Linux Client (v. 7)",
               product_id: "7Client:tomcat-0:7.0.69-10.el7.src",
            },
            product_reference: "tomcat-0:7.0.69-10.el7.src",
            relates_to_product_reference: "7Client",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-admin-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
               product_id: "7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Client",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-docs-webapp-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
               product_id: "7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Client",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
               product_id: "7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Client",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-javadoc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
               product_id: "7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-javadoc-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Client",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
               product_id: "7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Client",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsvc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
               product_id: "7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-jsvc-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Client",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-lib-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
               product_id: "7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-lib-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Client",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
               product_id: "7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Client",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
               product_id: "7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-webapps-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Client",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
               product_id: "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7ComputeNode-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.69-10.el7.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
               product_id: "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
            },
            product_reference: "tomcat-0:7.0.69-10.el7.src",
            relates_to_product_reference: "7ComputeNode-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-admin-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
               product_id: "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7ComputeNode-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-docs-webapp-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
               product_id: "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7ComputeNode-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
               product_id: "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7ComputeNode-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-javadoc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
               product_id: "7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-javadoc-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7ComputeNode-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
               product_id: "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7ComputeNode-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsvc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
               product_id: "7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-jsvc-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7ComputeNode-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-lib-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
               product_id: "7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-lib-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7ComputeNode-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
               product_id: "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7ComputeNode-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
               product_id: "7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-webapps-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7ComputeNode-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
               product_id: "7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7ComputeNode",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.69-10.el7.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
               product_id: "7ComputeNode:tomcat-0:7.0.69-10.el7.src",
            },
            product_reference: "tomcat-0:7.0.69-10.el7.src",
            relates_to_product_reference: "7ComputeNode",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-admin-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
               product_id: "7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7ComputeNode",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-docs-webapp-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
               product_id: "7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7ComputeNode",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
               product_id: "7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7ComputeNode",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-javadoc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
               product_id: "7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-javadoc-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7ComputeNode",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
               product_id: "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7ComputeNode",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsvc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
               product_id: "7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-jsvc-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7ComputeNode",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-lib-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
               product_id: "7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-lib-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7ComputeNode",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
               product_id: "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7ComputeNode",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
               product_id: "7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-webapps-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7ComputeNode",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
               product_id: "7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Server-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.69-10.el7.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
               product_id: "7Server-optional:tomcat-0:7.0.69-10.el7.src",
            },
            product_reference: "tomcat-0:7.0.69-10.el7.src",
            relates_to_product_reference: "7Server-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-admin-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
               product_id: "7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Server-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-docs-webapp-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
               product_id: "7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Server-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
               product_id: "7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Server-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-javadoc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
               product_id: "7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-javadoc-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Server-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
               product_id: "7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Server-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsvc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
               product_id: "7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-jsvc-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Server-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-lib-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
               product_id: "7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-lib-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Server-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
               product_id: "7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Server-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
               product_id: "7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-webapps-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Server-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
               product_id: "7Server:tomcat-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Server",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.69-10.el7.src as a component of Red Hat Enterprise Linux Server (v. 7)",
               product_id: "7Server:tomcat-0:7.0.69-10.el7.src",
            },
            product_reference: "tomcat-0:7.0.69-10.el7.src",
            relates_to_product_reference: "7Server",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-admin-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
               product_id: "7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Server",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-docs-webapp-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
               product_id: "7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Server",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
               product_id: "7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Server",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-javadoc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
               product_id: "7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-javadoc-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Server",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
               product_id: "7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Server",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsvc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
               product_id: "7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-jsvc-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Server",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-lib-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
               product_id: "7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-lib-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Server",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
               product_id: "7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Server",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
               product_id: "7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-webapps-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Server",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
               product_id: "7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Workstation-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.69-10.el7.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
               product_id: "7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
            },
            product_reference: "tomcat-0:7.0.69-10.el7.src",
            relates_to_product_reference: "7Workstation-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-admin-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
               product_id: "7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Workstation-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-docs-webapp-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
               product_id: "7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Workstation-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
               product_id: "7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Workstation-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-javadoc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
               product_id: "7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-javadoc-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Workstation-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
               product_id: "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Workstation-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsvc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
               product_id: "7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-jsvc-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Workstation-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-lib-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
               product_id: "7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-lib-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Workstation-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
               product_id: "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Workstation-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
               product_id: "7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-webapps-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Workstation-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
               product_id: "7Workstation:tomcat-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Workstation",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.69-10.el7.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
               product_id: "7Workstation:tomcat-0:7.0.69-10.el7.src",
            },
            product_reference: "tomcat-0:7.0.69-10.el7.src",
            relates_to_product_reference: "7Workstation",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-admin-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
               product_id: "7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Workstation",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-docs-webapp-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
               product_id: "7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Workstation",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
               product_id: "7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Workstation",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-javadoc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
               product_id: "7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-javadoc-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Workstation",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
               product_id: "7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Workstation",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsvc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
               product_id: "7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-jsvc-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Workstation",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-lib-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
               product_id: "7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-lib-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Workstation",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
               product_id: "7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Workstation",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
               product_id: "7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch",
            },
            product_reference: "tomcat-webapps-0:7.0.69-10.el7.noarch",
            relates_to_product_reference: "7Workstation",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2014-0230",
         cwe: {
            id: "CWE-770",
            name: "Allocation of Resources Without Limits or Throttling",
         },
         discovery_date: "2015-02-10T00:00:00+00:00",
         ids: [
            {
               system_name: "Red Hat Bugzilla ID",
               text: "1191200",
            },
         ],
         notes: [
            {
               category: "description",
               text: "It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and preventing further, legitimate connections to the Tomcat server to be made.",
               title: "Vulnerability description",
            },
            {
               category: "summary",
               text: "tomcat: non-persistent DoS attack by feeding data by aborting an upload",
               title: "Vulnerability summary",
            },
            {
               category: "general",
               text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
               title: "CVSS score applicability",
            },
         ],
         product_status: {
            fixed: [
               "7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-0:7.0.69-10.el7.src",
               "7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-0:7.0.69-10.el7.src",
               "7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
               "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-0:7.0.69-10.el7.src",
               "7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-0:7.0.69-10.el7.src",
               "7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-0:7.0.69-10.el7.src",
               "7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
               "7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-0:7.0.69-10.el7.src",
               "7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch",
            ],
         },
         references: [
            {
               category: "self",
               summary: "Canonical URL",
               url: "https://access.redhat.com/security/cve/CVE-2014-0230",
            },
            {
               category: "external",
               summary: "RHBZ#1191200",
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1191200",
            },
            {
               category: "external",
               summary: "https://www.cve.org/CVERecord?id=CVE-2014-0230",
               url: "https://www.cve.org/CVERecord?id=CVE-2014-0230",
            },
            {
               category: "external",
               summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-0230",
               url: "https://nvd.nist.gov/vuln/detail/CVE-2014-0230",
            },
            {
               category: "external",
               summary: "http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44",
               url: "http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44",
            },
            {
               category: "external",
               summary: "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.55",
               url: "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.55",
            },
            {
               category: "external",
               summary: "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.9",
               url: "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.9",
            },
         ],
         release_date: "2014-07-19T00:00:00+00:00",
         remediations: [
            {
               category: "vendor_fix",
               date: "2016-11-03T08:12:12+00:00",
               details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
               product_ids: [
                  "7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-0:7.0.69-10.el7.src",
                  "7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
                  "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.69-10.el7.src",
                  "7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-0:7.0.69-10.el7.src",
                  "7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-0:7.0.69-10.el7.src",
                  "7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch",
               ],
               restart_required: {
                  category: "none",
               },
               url: "https://access.redhat.com/errata/RHSA-2016:2599",
            },
         ],
         scores: [
            {
               cvss_v2: {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  availabilityImpact: "PARTIAL",
                  baseScore: 5,
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                  version: "2.0",
               },
               products: [
                  "7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-0:7.0.69-10.el7.src",
                  "7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
                  "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.69-10.el7.src",
                  "7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-0:7.0.69-10.el7.src",
                  "7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-0:7.0.69-10.el7.src",
                  "7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Low",
            },
         ],
         title: "tomcat: non-persistent DoS attack by feeding data by aborting an upload",
      },
      {
         cve: "CVE-2015-5174",
         discovery_date: "2015-08-09T00:00:00+00:00",
         ids: [
            {
               system_name: "Red Hat Bugzilla ID",
               text: "1265698",
            },
         ],
         notes: [
            {
               category: "description",
               text: "A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call.",
               title: "Vulnerability description",
            },
            {
               category: "summary",
               text: "tomcat: URL Normalization issue",
               title: "Vulnerability summary",
            },
            {
               category: "general",
               text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
               title: "CVSS score applicability",
            },
         ],
         product_status: {
            fixed: [
               "7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-0:7.0.69-10.el7.src",
               "7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-0:7.0.69-10.el7.src",
               "7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
               "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-0:7.0.69-10.el7.src",
               "7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-0:7.0.69-10.el7.src",
               "7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-0:7.0.69-10.el7.src",
               "7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
               "7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-0:7.0.69-10.el7.src",
               "7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch",
            ],
         },
         references: [
            {
               category: "self",
               summary: "Canonical URL",
               url: "https://access.redhat.com/security/cve/CVE-2015-5174",
            },
            {
               category: "external",
               summary: "RHBZ#1265698",
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1265698",
            },
            {
               category: "external",
               summary: "https://www.cve.org/CVERecord?id=CVE-2015-5174",
               url: "https://www.cve.org/CVERecord?id=CVE-2015-5174",
            },
            {
               category: "external",
               summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5174",
               url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5174",
            },
            {
               category: "external",
               summary: "http://seclists.org/bugtraq/2016/Feb/149",
               url: "http://seclists.org/bugtraq/2016/Feb/149",
            },
         ],
         release_date: "2016-02-22T00:00:00+00:00",
         remediations: [
            {
               category: "vendor_fix",
               date: "2016-11-03T08:12:12+00:00",
               details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
               product_ids: [
                  "7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-0:7.0.69-10.el7.src",
                  "7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
                  "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.69-10.el7.src",
                  "7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-0:7.0.69-10.el7.src",
                  "7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-0:7.0.69-10.el7.src",
                  "7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch",
               ],
               restart_required: {
                  category: "none",
               },
               url: "https://access.redhat.com/errata/RHSA-2016:2599",
            },
         ],
         scores: [
            {
               cvss_v2: {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  availabilityImpact: "NONE",
                  baseScore: 4,
                  confidentialityImpact: "PARTIAL",
                  integrityImpact: "NONE",
                  vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                  version: "2.0",
               },
               cvss_v3: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
               products: [
                  "7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-0:7.0.69-10.el7.src",
                  "7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
                  "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.69-10.el7.src",
                  "7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-0:7.0.69-10.el7.src",
                  "7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-0:7.0.69-10.el7.src",
                  "7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Low",
            },
         ],
         title: "tomcat: URL Normalization issue",
      },
      {
         cve: "CVE-2015-5345",
         cwe: {
            id: "CWE-552",
            name: "Files or Directories Accessible to External Parties",
         },
         discovery_date: "2016-02-22T00:00:00+00:00",
         ids: [
            {
               system_name: "Red Hat Bugzilla ID",
               text: "1311089",
            },
         ],
         notes: [
            {
               category: "description",
               text: "It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed.",
               title: "Vulnerability description",
            },
            {
               category: "summary",
               text: "tomcat: directory disclosure",
               title: "Vulnerability summary",
            },
            {
               category: "general",
               text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
               title: "CVSS score applicability",
            },
         ],
         product_status: {
            fixed: [
               "7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-0:7.0.69-10.el7.src",
               "7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-0:7.0.69-10.el7.src",
               "7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
               "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-0:7.0.69-10.el7.src",
               "7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-0:7.0.69-10.el7.src",
               "7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-0:7.0.69-10.el7.src",
               "7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
               "7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-0:7.0.69-10.el7.src",
               "7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch",
            ],
         },
         references: [
            {
               category: "self",
               summary: "Canonical URL",
               url: "https://access.redhat.com/security/cve/CVE-2015-5345",
            },
            {
               category: "external",
               summary: "RHBZ#1311089",
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311089",
            },
            {
               category: "external",
               summary: "https://www.cve.org/CVERecord?id=CVE-2015-5345",
               url: "https://www.cve.org/CVERecord?id=CVE-2015-5345",
            },
            {
               category: "external",
               summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5345",
               url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5345",
            },
            {
               category: "external",
               summary: "http://seclists.org/bugtraq/2016/Feb/146",
               url: "http://seclists.org/bugtraq/2016/Feb/146",
            },
         ],
         release_date: "2016-02-22T00:00:00+00:00",
         remediations: [
            {
               category: "vendor_fix",
               date: "2016-11-03T08:12:12+00:00",
               details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
               product_ids: [
                  "7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-0:7.0.69-10.el7.src",
                  "7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
                  "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.69-10.el7.src",
                  "7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-0:7.0.69-10.el7.src",
                  "7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-0:7.0.69-10.el7.src",
                  "7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch",
               ],
               restart_required: {
                  category: "none",
               },
               url: "https://access.redhat.com/errata/RHSA-2016:2599",
            },
         ],
         scores: [
            {
               cvss_v2: {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  integrityImpact: "NONE",
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               cvss_v3: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
               products: [
                  "7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-0:7.0.69-10.el7.src",
                  "7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
                  "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.69-10.el7.src",
                  "7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-0:7.0.69-10.el7.src",
                  "7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-0:7.0.69-10.el7.src",
                  "7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Low",
            },
         ],
         title: "tomcat: directory disclosure",
      },
      {
         cve: "CVE-2015-5351",
         cwe: {
            id: "CWE-352",
            name: "Cross-Site Request Forgery (CSRF)",
         },
         discovery_date: "2016-02-22T00:00:00+00:00",
         ids: [
            {
               system_name: "Red Hat Bugzilla ID",
               text: "1311076",
            },
         ],
         notes: [
            {
               category: "description",
               text: "A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack.",
               title: "Vulnerability description",
            },
            {
               category: "summary",
               text: "tomcat: CSRF token leak",
               title: "Vulnerability summary",
            },
            {
               category: "general",
               text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
               title: "CVSS score applicability",
            },
         ],
         product_status: {
            fixed: [
               "7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-0:7.0.69-10.el7.src",
               "7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-0:7.0.69-10.el7.src",
               "7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
               "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-0:7.0.69-10.el7.src",
               "7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-0:7.0.69-10.el7.src",
               "7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-0:7.0.69-10.el7.src",
               "7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
               "7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-0:7.0.69-10.el7.src",
               "7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch",
            ],
         },
         references: [
            {
               category: "self",
               summary: "Canonical URL",
               url: "https://access.redhat.com/security/cve/CVE-2015-5351",
            },
            {
               category: "external",
               summary: "RHBZ#1311076",
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311076",
            },
            {
               category: "external",
               summary: "https://www.cve.org/CVERecord?id=CVE-2015-5351",
               url: "https://www.cve.org/CVERecord?id=CVE-2015-5351",
            },
            {
               category: "external",
               summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5351",
               url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5351",
            },
            {
               category: "external",
               summary: "http://seclists.org/bugtraq/2016/Feb/148",
               url: "http://seclists.org/bugtraq/2016/Feb/148",
            },
         ],
         release_date: "2016-02-22T00:00:00+00:00",
         remediations: [
            {
               category: "vendor_fix",
               date: "2016-11-03T08:12:12+00:00",
               details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
               product_ids: [
                  "7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-0:7.0.69-10.el7.src",
                  "7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
                  "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.69-10.el7.src",
                  "7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-0:7.0.69-10.el7.src",
                  "7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-0:7.0.69-10.el7.src",
                  "7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch",
               ],
               restart_required: {
                  category: "none",
               },
               url: "https://access.redhat.com/errata/RHSA-2016:2599",
            },
         ],
         scores: [
            {
               cvss_v2: {
                  accessComplexity: "MEDIUM",
                  accessVector: "LOCAL",
                  authentication: "NONE",
                  availabilityImpact: "PARTIAL",
                  baseScore: 4.4,
                  confidentialityImpact: "PARTIAL",
                  integrityImpact: "PARTIAL",
                  vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               cvss_v3: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
               products: [
                  "7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-0:7.0.69-10.el7.src",
                  "7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
                  "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.69-10.el7.src",
                  "7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-0:7.0.69-10.el7.src",
                  "7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-0:7.0.69-10.el7.src",
                  "7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Moderate",
            },
         ],
         title: "tomcat: CSRF token leak",
      },
      {
         cve: "CVE-2016-0706",
         cwe: {
            id: "CWE-287",
            name: "Improper Authentication",
         },
         discovery_date: "2016-02-22T00:00:00+00:00",
         ids: [
            {
               system_name: "Red Hat Bugzilla ID",
               text: "1311087",
            },
         ],
         notes: [
            {
               category: "description",
               text: "It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs.",
               title: "Vulnerability description",
            },
            {
               category: "summary",
               text: "tomcat: security manager bypass via StatusManagerServlet",
               title: "Vulnerability summary",
            },
            {
               category: "general",
               text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
               title: "CVSS score applicability",
            },
         ],
         product_status: {
            fixed: [
               "7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-0:7.0.69-10.el7.src",
               "7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-0:7.0.69-10.el7.src",
               "7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
               "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-0:7.0.69-10.el7.src",
               "7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-0:7.0.69-10.el7.src",
               "7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-0:7.0.69-10.el7.src",
               "7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
               "7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-0:7.0.69-10.el7.src",
               "7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch",
            ],
         },
         references: [
            {
               category: "self",
               summary: "Canonical URL",
               url: "https://access.redhat.com/security/cve/CVE-2016-0706",
            },
            {
               category: "external",
               summary: "RHBZ#1311087",
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311087",
            },
            {
               category: "external",
               summary: "https://www.cve.org/CVERecord?id=CVE-2016-0706",
               url: "https://www.cve.org/CVERecord?id=CVE-2016-0706",
            },
            {
               category: "external",
               summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-0706",
               url: "https://nvd.nist.gov/vuln/detail/CVE-2016-0706",
            },
            {
               category: "external",
               summary: "http://seclists.org/bugtraq/2016/Feb/144",
               url: "http://seclists.org/bugtraq/2016/Feb/144",
            },
         ],
         release_date: "2016-02-22T00:00:00+00:00",
         remediations: [
            {
               category: "vendor_fix",
               date: "2016-11-03T08:12:12+00:00",
               details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
               product_ids: [
                  "7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-0:7.0.69-10.el7.src",
                  "7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
                  "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.69-10.el7.src",
                  "7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-0:7.0.69-10.el7.src",
                  "7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-0:7.0.69-10.el7.src",
                  "7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch",
               ],
               restart_required: {
                  category: "none",
               },
               url: "https://access.redhat.com/errata/RHSA-2016:2599",
            },
         ],
         scores: [
            {
               cvss_v2: {
                  accessComplexity: "MEDIUM",
                  accessVector: "ADJACENT_NETWORK",
                  authentication: "NONE",
                  availabilityImpact: "NONE",
                  baseScore: 2.9,
                  confidentialityImpact: "PARTIAL",
                  integrityImpact: "NONE",
                  vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               cvss_v3: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
               products: [
                  "7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-0:7.0.69-10.el7.src",
                  "7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
                  "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.69-10.el7.src",
                  "7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-0:7.0.69-10.el7.src",
                  "7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-0:7.0.69-10.el7.src",
                  "7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Low",
            },
         ],
         title: "tomcat: security manager bypass via StatusManagerServlet",
      },
      {
         cve: "CVE-2016-0714",
         cwe: {
            id: "CWE-290",
            name: "Authentication Bypass by Spoofing",
         },
         discovery_date: "2016-02-22T00:00:00+00:00",
         ids: [
            {
               system_name: "Red Hat Bugzilla ID",
               text: "1311082",
            },
         ],
         notes: [
            {
               category: "description",
               text: "It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session.",
               title: "Vulnerability description",
            },
            {
               category: "summary",
               text: "tomcat: Security Manager bypass via persistence mechanisms",
               title: "Vulnerability summary",
            },
            {
               category: "general",
               text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
               title: "CVSS score applicability",
            },
         ],
         product_status: {
            fixed: [
               "7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-0:7.0.69-10.el7.src",
               "7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-0:7.0.69-10.el7.src",
               "7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
               "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-0:7.0.69-10.el7.src",
               "7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-0:7.0.69-10.el7.src",
               "7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-0:7.0.69-10.el7.src",
               "7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
               "7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-0:7.0.69-10.el7.src",
               "7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch",
            ],
         },
         references: [
            {
               category: "self",
               summary: "Canonical URL",
               url: "https://access.redhat.com/security/cve/CVE-2016-0714",
            },
            {
               category: "external",
               summary: "RHBZ#1311082",
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311082",
            },
            {
               category: "external",
               summary: "https://www.cve.org/CVERecord?id=CVE-2016-0714",
               url: "https://www.cve.org/CVERecord?id=CVE-2016-0714",
            },
            {
               category: "external",
               summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-0714",
               url: "https://nvd.nist.gov/vuln/detail/CVE-2016-0714",
            },
            {
               category: "external",
               summary: "http://seclists.org/bugtraq/2016/Feb/145",
               url: "http://seclists.org/bugtraq/2016/Feb/145",
            },
         ],
         release_date: "2016-02-22T00:00:00+00:00",
         remediations: [
            {
               category: "vendor_fix",
               date: "2016-11-03T08:12:12+00:00",
               details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
               product_ids: [
                  "7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-0:7.0.69-10.el7.src",
                  "7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
                  "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.69-10.el7.src",
                  "7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-0:7.0.69-10.el7.src",
                  "7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-0:7.0.69-10.el7.src",
                  "7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch",
               ],
               restart_required: {
                  category: "none",
               },
               url: "https://access.redhat.com/errata/RHSA-2016:2599",
            },
         ],
         scores: [
            {
               cvss_v2: {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  availabilityImpact: "PARTIAL",
                  baseScore: 6.8,
                  confidentialityImpact: "PARTIAL",
                  integrityImpact: "PARTIAL",
                  vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               cvss_v3: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
               products: [
                  "7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-0:7.0.69-10.el7.src",
                  "7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
                  "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.69-10.el7.src",
                  "7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-0:7.0.69-10.el7.src",
                  "7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-0:7.0.69-10.el7.src",
                  "7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Moderate",
            },
         ],
         title: "tomcat: Security Manager bypass via persistence mechanisms",
      },
      {
         cve: "CVE-2016-0763",
         cwe: {
            id: "CWE-287",
            name: "Improper Authentication",
         },
         discovery_date: "2016-02-22T00:00:00+00:00",
         ids: [
            {
               system_name: "Red Hat Bugzilla ID",
               text: "1311093",
            },
         ],
         notes: [
            {
               category: "description",
               text: "A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service.",
               title: "Vulnerability description",
            },
            {
               category: "summary",
               text: "tomcat: security manager bypass via setGlobalContext()",
               title: "Vulnerability summary",
            },
            {
               category: "general",
               text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
               title: "CVSS score applicability",
            },
         ],
         product_status: {
            fixed: [
               "7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-0:7.0.69-10.el7.src",
               "7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-0:7.0.69-10.el7.src",
               "7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
               "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-0:7.0.69-10.el7.src",
               "7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-0:7.0.69-10.el7.src",
               "7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-0:7.0.69-10.el7.src",
               "7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
               "7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-0:7.0.69-10.el7.src",
               "7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch",
            ],
         },
         references: [
            {
               category: "self",
               summary: "Canonical URL",
               url: "https://access.redhat.com/security/cve/CVE-2016-0763",
            },
            {
               category: "external",
               summary: "RHBZ#1311093",
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311093",
            },
            {
               category: "external",
               summary: "https://www.cve.org/CVERecord?id=CVE-2016-0763",
               url: "https://www.cve.org/CVERecord?id=CVE-2016-0763",
            },
            {
               category: "external",
               summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-0763",
               url: "https://nvd.nist.gov/vuln/detail/CVE-2016-0763",
            },
            {
               category: "external",
               summary: "http://seclists.org/bugtraq/2016/Feb/147",
               url: "http://seclists.org/bugtraq/2016/Feb/147",
            },
         ],
         release_date: "2016-02-22T00:00:00+00:00",
         remediations: [
            {
               category: "vendor_fix",
               date: "2016-11-03T08:12:12+00:00",
               details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
               product_ids: [
                  "7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-0:7.0.69-10.el7.src",
                  "7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
                  "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.69-10.el7.src",
                  "7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-0:7.0.69-10.el7.src",
                  "7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-0:7.0.69-10.el7.src",
                  "7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch",
               ],
               restart_required: {
                  category: "none",
               },
               url: "https://access.redhat.com/errata/RHSA-2016:2599",
            },
         ],
         scores: [
            {
               cvss_v2: {
                  accessComplexity: "MEDIUM",
                  accessVector: "ADJACENT_NETWORK",
                  authentication: "NONE",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "PARTIAL",
                  integrityImpact: "PARTIAL",
                  vectorString: "AV:A/AC:M/Au:N/C:P/I:P/A:N",
                  version: "2.0",
               },
               cvss_v3: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.0",
               },
               products: [
                  "7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-0:7.0.69-10.el7.src",
                  "7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
                  "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.69-10.el7.src",
                  "7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-0:7.0.69-10.el7.src",
                  "7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-0:7.0.69-10.el7.src",
                  "7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Moderate",
            },
         ],
         title: "tomcat: security manager bypass via setGlobalContext()",
      },
      {
         cve: "CVE-2016-3092",
         cwe: {
            id: "CWE-20",
            name: "Improper Input Validation",
         },
         discovery_date: "2016-06-21T00:00:00+00:00",
         ids: [
            {
               system_name: "Red Hat Bugzilla ID",
               text: "1349468",
            },
         ],
         notes: [
            {
               category: "description",
               text: "A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.",
               title: "Vulnerability description",
            },
            {
               category: "summary",
               text: "tomcat: Usage of vulnerable FileUpload package can result in denial of service",
               title: "Vulnerability summary",
            },
            {
               category: "general",
               text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
               title: "CVSS score applicability",
            },
         ],
         product_status: {
            fixed: [
               "7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-0:7.0.69-10.el7.src",
               "7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-0:7.0.69-10.el7.src",
               "7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
               "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-0:7.0.69-10.el7.src",
               "7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-0:7.0.69-10.el7.src",
               "7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-0:7.0.69-10.el7.src",
               "7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
               "7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-0:7.0.69-10.el7.src",
               "7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
               "7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch",
            ],
         },
         references: [
            {
               category: "self",
               summary: "Canonical URL",
               url: "https://access.redhat.com/security/cve/CVE-2016-3092",
            },
            {
               category: "external",
               summary: "RHBZ#1349468",
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1349468",
            },
            {
               category: "external",
               summary: "https://www.cve.org/CVERecord?id=CVE-2016-3092",
               url: "https://www.cve.org/CVERecord?id=CVE-2016-3092",
            },
            {
               category: "external",
               summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-3092",
               url: "https://nvd.nist.gov/vuln/detail/CVE-2016-3092",
            },
            {
               category: "external",
               summary: "http://tomcat.apache.org/security-7.html",
               url: "http://tomcat.apache.org/security-7.html",
            },
            {
               category: "external",
               summary: "http://tomcat.apache.org/security-8.html",
               url: "http://tomcat.apache.org/security-8.html",
            },
         ],
         release_date: "2016-06-21T00:00:00+00:00",
         remediations: [
            {
               category: "vendor_fix",
               date: "2016-11-03T08:12:12+00:00",
               details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
               product_ids: [
                  "7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-0:7.0.69-10.el7.src",
                  "7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
                  "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.69-10.el7.src",
                  "7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-0:7.0.69-10.el7.src",
                  "7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-0:7.0.69-10.el7.src",
                  "7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch",
               ],
               restart_required: {
                  category: "none",
               },
               url: "https://access.redhat.com/errata/RHSA-2016:2599",
            },
         ],
         scores: [
            {
               cvss_v2: {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  availabilityImpact: "PARTIAL",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                  version: "2.0",
               },
               cvss_v3: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
               products: [
                  "7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-0:7.0.69-10.el7.src",
                  "7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
                  "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.69-10.el7.src",
                  "7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-0:7.0.69-10.el7.src",
                  "7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
                  "7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-0:7.0.69-10.el7.src",
                  "7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
                  "7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Moderate",
            },
         ],
         title: "tomcat: Usage of vulnerable FileUpload package can result in denial of service",
      },
   ],
}

cve-2014-0230

Vulnerability from cvelistv5

Published

2015-06-07 23:00

Modified

2024-08-06 09:05

Severity ?

Summary

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.

References

▼	URL	Tags
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2654-1	vendor-advisory, x_refsource_UBUNTU
	http://rhn.redhat.com/errata/RHSA-2015-1622.html	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	x_refsource_CONFIRM
	https://issues.jboss.org/browse/JWS-220	x_refsource_CONFIRM
	http://www.debian.org/security/2016/dsa-3530	vendor-advisory, x_refsource_DEBIAN
	http://rhn.redhat.com/errata/RHSA-2016-0599.html	vendor-advisory, x_refsource_REDHAT
	http://svn.apache.org/viewvc?view=revision&revision=1603779	x_refsource_CONFIRM
	http://tomcat.apache.org/security-7.html	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=145974991225029&w=2	vendor-advisory, x_refsource_HP
	http://openwall.com/lists/oss-security/2015/04/10/1	mailing-list, x_refsource_MLIST
	http://tomcat.apache.org/security-8.html	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2015-2661.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2016-0596.html	vendor-advisory, x_refsource_REDHAT
	http://tomcat.apache.org/security-6.html	x_refsource_CONFIRM
	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-0595.html	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2015:2659	vendor-advisory, x_refsource_REDHAT
	http://mail-archives.apache.org/mod_mbox/tomcat-announce/201505.mbox/%3C554949D1.8030904%40apache.org%3E	mailing-list, x_refsource_MLIST
	http://marc.info/?l=bugtraq&m=144498216801440&w=2	vendor-advisory, x_refsource_HP
	http://rhn.redhat.com/errata/RHSA-2016-0598.html	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2015:2660	vendor-advisory, x_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-2655-1	vendor-advisory, x_refsource_UBUNTU
	http://rhn.redhat.com/errata/RHSA-2015-1621.html	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/74475	vdb-entry, x_refsource_BID
	https://issues.jboss.org/browse/JWS-219	x_refsource_CONFIRM
	http://www.debian.org/security/2016/dsa-3447	vendor-advisory, x_refsource_DEBIAN
	http://svn.apache.org/viewvc?view=revision&revision=1603775	x_refsource_CONFIRM
	http://svn.apache.org/viewvc?view=revision&revision=1603770	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-0597.html	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html	x_refsource_CONFIRM
	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:05:39.368Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
               },
               {
                  name: "USN-2654-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2654-1",
               },
               {
                  name: "RHSA-2015:1622",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2015-1622.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://issues.jboss.org/browse/JWS-220",
               },
               {
                  name: "DSA-3530",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3530",
               },
               {
                  name: "RHSA-2016:0599",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-0599.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1603779",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-7.html",
               },
               {
                  name: "HPSBUX03561",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=145974991225029&w=2",
               },
               {
                  name: "[oss-security] 20150409 Apache Tomcat partial file upload DoS CVE-2014-0230",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://openwall.com/lists/oss-security/2015/04/10/1",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-8.html",
               },
               {
                  name: "RHSA-2015:2661",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2015-2661.html",
               },
               {
                  name: "RHSA-2016:0596",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-0596.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-6.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013",
               },
               {
                  name: "RHSA-2016:0595",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-0595.html",
               },
               {
                  name: "RHSA-2015:2659",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2015:2659",
               },
               {
                  name: "[tomcat-announce] 20150505 [SECURITY] CVE-2014-0230: Apache Tomcat DoS",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://mail-archives.apache.org/mod_mbox/tomcat-announce/201505.mbox/%3C554949D1.8030904%40apache.org%3E",
               },
               {
                  name: "HPSBOV03503",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=144498216801440&w=2",
               },
               {
                  name: "RHSA-2016:0598",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-0598.html",
               },
               {
                  name: "RHSA-2015:2660",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2015:2660",
               },
               {
                  name: "USN-2655-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2655-1",
               },
               {
                  name: "RHSA-2015:1621",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2015-1621.html",
               },
               {
                  name: "74475",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/74475",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://issues.jboss.org/browse/JWS-219",
               },
               {
                  name: "DSA-3447",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3447",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1603775",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1603770",
               },
               {
                  name: "RHSA-2016:0597",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-0597.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
               },
               {
                  name: "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-04-09T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-02-13T16:10:12",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
            },
            {
               name: "USN-2654-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2654-1",
            },
            {
               name: "RHSA-2015:1622",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2015-1622.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://issues.jboss.org/browse/JWS-220",
            },
            {
               name: "DSA-3530",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3530",
            },
            {
               name: "RHSA-2016:0599",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-0599.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1603779",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-7.html",
            },
            {
               name: "HPSBUX03561",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=145974991225029&w=2",
            },
            {
               name: "[oss-security] 20150409 Apache Tomcat partial file upload DoS CVE-2014-0230",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://openwall.com/lists/oss-security/2015/04/10/1",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-8.html",
            },
            {
               name: "RHSA-2015:2661",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2015-2661.html",
            },
            {
               name: "RHSA-2016:0596",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-0596.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-6.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013",
            },
            {
               name: "RHSA-2016:0595",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-0595.html",
            },
            {
               name: "RHSA-2015:2659",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2015:2659",
            },
            {
               name: "[tomcat-announce] 20150505 [SECURITY] CVE-2014-0230: Apache Tomcat DoS",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://mail-archives.apache.org/mod_mbox/tomcat-announce/201505.mbox/%3C554949D1.8030904%40apache.org%3E",
            },
            {
               name: "HPSBOV03503",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=144498216801440&w=2",
            },
            {
               name: "RHSA-2016:0598",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-0598.html",
            },
            {
               name: "RHSA-2015:2660",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2015:2660",
            },
            {
               name: "USN-2655-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2655-1",
            },
            {
               name: "RHSA-2015:1621",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2015-1621.html",
            },
            {
               name: "74475",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/74475",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://issues.jboss.org/browse/JWS-219",
            },
            {
               name: "DSA-3447",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3447",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1603775",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1603770",
            },
            {
               name: "RHSA-2016:0597",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-0597.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
            },
            {
               name: "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2014-0230",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964",
                     refsource: "CONFIRM",
                     url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
                  },
                  {
                     name: "USN-2654-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2654-1",
                  },
                  {
                     name: "RHSA-2015:1622",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2015-1622.html",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
                  },
                  {
                     name: "https://issues.jboss.org/browse/JWS-220",
                     refsource: "CONFIRM",
                     url: "https://issues.jboss.org/browse/JWS-220",
                  },
                  {
                     name: "DSA-3530",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3530",
                  },
                  {
                     name: "RHSA-2016:0599",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-0599.html",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1603779",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1603779",
                  },
                  {
                     name: "http://tomcat.apache.org/security-7.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-7.html",
                  },
                  {
                     name: "HPSBUX03561",
                     refsource: "HP",
                     url: "http://marc.info/?l=bugtraq&m=145974991225029&w=2",
                  },
                  {
                     name: "[oss-security] 20150409 Apache Tomcat partial file upload DoS CVE-2014-0230",
                     refsource: "MLIST",
                     url: "http://openwall.com/lists/oss-security/2015/04/10/1",
                  },
                  {
                     name: "http://tomcat.apache.org/security-8.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-8.html",
                  },
                  {
                     name: "RHSA-2015:2661",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2015-2661.html",
                  },
                  {
                     name: "RHSA-2016:0596",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-0596.html",
                  },
                  {
                     name: "http://tomcat.apache.org/security-6.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-6.html",
                  },
                  {
                     name: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013",
                     refsource: "CONFIRM",
                     url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013",
                  },
                  {
                     name: "RHSA-2016:0595",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-0595.html",
                  },
                  {
                     name: "RHSA-2015:2659",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2015:2659",
                  },
                  {
                     name: "[tomcat-announce] 20150505 [SECURITY] CVE-2014-0230: Apache Tomcat DoS",
                     refsource: "MLIST",
                     url: "http://mail-archives.apache.org/mod_mbox/tomcat-announce/201505.mbox/%3C554949D1.8030904%40apache.org%3E",
                  },
                  {
                     name: "HPSBOV03503",
                     refsource: "HP",
                     url: "http://marc.info/?l=bugtraq&m=144498216801440&w=2",
                  },
                  {
                     name: "RHSA-2016:0598",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-0598.html",
                  },
                  {
                     name: "RHSA-2015:2660",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2015:2660",
                  },
                  {
                     name: "USN-2655-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2655-1",
                  },
                  {
                     name: "RHSA-2015:1621",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2015-1621.html",
                  },
                  {
                     name: "74475",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/74475",
                  },
                  {
                     name: "https://issues.jboss.org/browse/JWS-219",
                     refsource: "CONFIRM",
                     url: "https://issues.jboss.org/browse/JWS-219",
                  },
                  {
                     name: "DSA-3447",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3447",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1603775",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1603775",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1603770",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1603770",
                  },
                  {
                     name: "RHSA-2016:0597",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-0597.html",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
                  },
                  {
                     name: "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-0230",
      datePublished: "2015-06-07T23:00:00",
      dateReserved: "2013-12-03T00:00:00",
      dateUpdated: "2024-08-06T09:05:39.368Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-0714

Vulnerability from cvelistv5

Published

2016-02-25 01:00

Modified

2024-08-05 22:30

Severity ?

Summary

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.

References

▼	URL	Tags
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201705-09	vendor-advisory, x_refsource_GENTOO
	http://svn.apache.org/viewvc?view=revision&revision=1726196	x_refsource_CONFIRM
	http://seclists.org/bugtraq/2016/Feb/145	mailing-list, x_refsource_BUGTRAQ
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html	vendor-advisory, x_refsource_SUSE
	http://tomcat.apache.org/security-9.html	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-3024-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-2045.html	vendor-advisory, x_refsource_REDHAT
	http://svn.apache.org/viewvc?view=revision&revision=1725263	x_refsource_CONFIRM
	http://www.debian.org/security/2016/dsa-3530	vendor-advisory, x_refsource_DEBIAN
	http://svn.apache.org/viewvc?view=revision&revision=1726923	x_refsource_CONFIRM
	http://svn.apache.org/viewvc?view=revision&revision=1727166	x_refsource_CONFIRM
	http://svn.apache.org/viewvc?view=revision&revision=1727034	x_refsource_CONFIRM
	http://tomcat.apache.org/security-7.html	x_refsource_CONFIRM
	http://svn.apache.org/viewvc?view=revision&revision=1725914	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=145974991225029&w=2	vendor-advisory, x_refsource_HP
	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1037640	vdb-entry, x_refsource_SECTRACK
	http://rhn.redhat.com/errata/RHSA-2016-1089.html	vendor-advisory, x_refsource_REDHAT
	http://tomcat.apache.org/security-8.html	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2016:1087	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1035069	vdb-entry, x_refsource_SECTRACK
	https://bto.bluecoat.com/security-advisory/sa118	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2807.html	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2016:1088	vendor-advisory, x_refsource_REDHAT
	https://security.netapp.com/advisory/ntap-20180531-0001/	x_refsource_CONFIRM
	http://tomcat.apache.org/security-6.html	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2808.html	vendor-advisory, x_refsource_REDHAT
	http://svn.apache.org/viewvc?view=revision&revision=1726203	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html	vendor-advisory, x_refsource_SUSE
	http://svn.apache.org/viewvc?view=revision&revision=1727182	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/83327	vdb-entry, x_refsource_BID
	http://rhn.redhat.com/errata/RHSA-2016-2599.html	vendor-advisory, x_refsource_REDHAT
	http://www.debian.org/security/2016/dsa-3609	vendor-advisory, x_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html	vendor-advisory, x_refsource_SUSE
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626	x_refsource_CONFIRM
	http://www.debian.org/security/2016/dsa-3552	vendor-advisory, x_refsource_DEBIAN
	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T22:30:03.540Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
               },
               {
                  name: "GLSA-201705-09",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201705-09",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1726196",
               },
               {
                  name: "20160222 [SECURITY] CVE-2016-0714 Apache Tomcat Security Manager Bypass",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/bugtraq/2016/Feb/145",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
               },
               {
                  name: "openSUSE-SU-2016:0865",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-9.html",
               },
               {
                  name: "USN-3024-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3024-1",
               },
               {
                  name: "SUSE-SU-2016:0769",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html",
               },
               {
                  name: "RHSA-2016:2045",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2045.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1725263",
               },
               {
                  name: "DSA-3530",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3530",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1726923",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1727166",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1727034",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-7.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1725914",
               },
               {
                  name: "HPSBUX03561",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=145974991225029&w=2",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
               },
               {
                  name: "1037640",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1037640",
               },
               {
                  name: "RHSA-2016:1089",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1089.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-8.html",
               },
               {
                  name: "RHSA-2016:1087",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1087",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
               },
               {
                  name: "1035069",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1035069",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bto.bluecoat.com/security-advisory/sa118",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442",
               },
               {
                  name: "RHSA-2016:2807",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2807.html",
               },
               {
                  name: "RHSA-2016:1088",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1088",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20180531-0001/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-6.html",
               },
               {
                  name: "RHSA-2016:2808",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2808.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1726203",
               },
               {
                  name: "SUSE-SU-2016:0822",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1727182",
               },
               {
                  name: "83327",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/83327",
               },
               {
                  name: "RHSA-2016:2599",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2599.html",
               },
               {
                  name: "DSA-3609",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3609",
               },
               {
                  name: "SUSE-SU-2016:0839",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626",
               },
               {
                  name: "DSA-3552",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3552",
               },
               {
                  name: "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-02-22T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-02-13T16:09:55",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
            },
            {
               name: "GLSA-201705-09",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201705-09",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1726196",
            },
            {
               name: "20160222 [SECURITY] CVE-2016-0714 Apache Tomcat Security Manager Bypass",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://seclists.org/bugtraq/2016/Feb/145",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
            },
            {
               name: "openSUSE-SU-2016:0865",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-9.html",
            },
            {
               name: "USN-3024-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3024-1",
            },
            {
               name: "SUSE-SU-2016:0769",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html",
            },
            {
               name: "RHSA-2016:2045",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2045.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1725263",
            },
            {
               name: "DSA-3530",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3530",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1726923",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1727166",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1727034",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-7.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1725914",
            },
            {
               name: "HPSBUX03561",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=145974991225029&w=2",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
            },
            {
               name: "1037640",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1037640",
            },
            {
               name: "RHSA-2016:1089",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1089.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-8.html",
            },
            {
               name: "RHSA-2016:1087",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1087",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
            },
            {
               name: "1035069",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1035069",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bto.bluecoat.com/security-advisory/sa118",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442",
            },
            {
               name: "RHSA-2016:2807",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2807.html",
            },
            {
               name: "RHSA-2016:1088",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1088",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20180531-0001/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-6.html",
            },
            {
               name: "RHSA-2016:2808",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2808.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1726203",
            },
            {
               name: "SUSE-SU-2016:0822",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1727182",
            },
            {
               name: "83327",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/83327",
            },
            {
               name: "RHSA-2016:2599",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2599.html",
            },
            {
               name: "DSA-3609",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3609",
            },
            {
               name: "SUSE-SU-2016:0839",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626",
            },
            {
               name: "DSA-3552",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3552",
            },
            {
               name: "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2016-0714",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964",
                     refsource: "CONFIRM",
                     url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
                  },
                  {
                     name: "GLSA-201705-09",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201705-09",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1726196",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1726196",
                  },
                  {
                     name: "20160222 [SECURITY] CVE-2016-0714 Apache Tomcat Security Manager Bypass",
                     refsource: "BUGTRAQ",
                     url: "http://seclists.org/bugtraq/2016/Feb/145",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
                  },
                  {
                     name: "openSUSE-SU-2016:0865",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html",
                  },
                  {
                     name: "http://tomcat.apache.org/security-9.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-9.html",
                  },
                  {
                     name: "USN-3024-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-3024-1",
                  },
                  {
                     name: "SUSE-SU-2016:0769",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html",
                  },
                  {
                     name: "RHSA-2016:2045",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2045.html",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1725263",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1725263",
                  },
                  {
                     name: "DSA-3530",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3530",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1726923",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1726923",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1727166",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1727166",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1727034",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1727034",
                  },
                  {
                     name: "http://tomcat.apache.org/security-7.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-7.html",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1725914",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1725914",
                  },
                  {
                     name: "HPSBUX03561",
                     refsource: "HP",
                     url: "http://marc.info/?l=bugtraq&m=145974991225029&w=2",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
                  },
                  {
                     name: "1037640",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1037640",
                  },
                  {
                     name: "RHSA-2016:1089",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-1089.html",
                  },
                  {
                     name: "http://tomcat.apache.org/security-8.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-8.html",
                  },
                  {
                     name: "RHSA-2016:1087",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:1087",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
                  },
                  {
                     name: "1035069",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1035069",
                  },
                  {
                     name: "https://bto.bluecoat.com/security-advisory/sa118",
                     refsource: "CONFIRM",
                     url: "https://bto.bluecoat.com/security-advisory/sa118",
                  },
                  {
                     name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442",
                     refsource: "CONFIRM",
                     url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442",
                  },
                  {
                     name: "RHSA-2016:2807",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2807.html",
                  },
                  {
                     name: "RHSA-2016:1088",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:1088",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20180531-0001/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20180531-0001/",
                  },
                  {
                     name: "http://tomcat.apache.org/security-6.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-6.html",
                  },
                  {
                     name: "RHSA-2016:2808",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2808.html",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1726203",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1726203",
                  },
                  {
                     name: "SUSE-SU-2016:0822",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1727182",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1727182",
                  },
                  {
                     name: "83327",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/83327",
                  },
                  {
                     name: "RHSA-2016:2599",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2599.html",
                  },
                  {
                     name: "DSA-3609",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3609",
                  },
                  {
                     name: "SUSE-SU-2016:0839",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html",
                  },
                  {
                     name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626",
                     refsource: "CONFIRM",
                     url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626",
                  },
                  {
                     name: "DSA-3552",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3552",
                  },
                  {
                     name: "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-0714",
      datePublished: "2016-02-25T01:00:00",
      dateReserved: "2015-12-16T00:00:00",
      dateUpdated: "2024-08-05T22:30:03.540Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-3092

Vulnerability from cvelistv5

Published

2016-07-04 22:00

Modified

2024-08-05 23:40

Severity ?

Summary

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

References

▼	URL	Tags
	http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121	third-party-advisory, x_refsource_JVNDB
	https://security.netapp.com/advisory/ntap-20190212-0001/	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759	x_refsource_CONFIRM
	http://svn.apache.org/viewvc?view=revision&revision=1743480	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201705-09	vendor-advisory, x_refsource_GENTOO
	http://svn.apache.org/viewvc?view=revision&revision=1743738	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840	x_refsource_CONFIRM
	http://tomcat.apache.org/security-9.html	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-3024-1	vendor-advisory, x_refsource_UBUNTU
	http://rhn.redhat.com/errata/RHSA-2016-2069.html	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id/1037029	vdb-entry, x_refsource_SECTRACK
	http://rhn.redhat.com/errata/RHSA-2016-2068.html	vendor-advisory, x_refsource_REDHAT
	http://tomcat.apache.org/security-7.html	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1036900	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/91453	vdb-entry, x_refsource_BID
	http://tomcat.apache.org/security-8.html	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2072.html	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html	x_refsource_CONFIRM
	http://svn.apache.org/viewvc?view=revision&revision=1743722	x_refsource_CONFIRM
	http://www.debian.org/security/2016/dsa-3611	vendor-advisory, x_refsource_DEBIAN
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2807.html	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html	vendor-advisory, x_refsource_SUSE
	http://jvn.jp/en/jp/JVN89379547/index.html	third-party-advisory, x_refsource_JVN
	http://www.securitytracker.com/id/1036427	vdb-entry, x_refsource_SECTRACK
	http://rhn.redhat.com/errata/RHSA-2016-2070.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2017-0457.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2016-2808.html	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id/1039606	vdb-entry, x_refsource_SECTRACK
	http://svn.apache.org/viewvc?view=revision&revision=1743742	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2599.html	vendor-advisory, x_refsource_REDHAT
	http://www.debian.org/security/2016/dsa-3609	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2017:0455	vendor-advisory, x_refsource_REDHAT
	http://www.debian.org/security/2016/dsa-3614	vendor-advisory, x_refsource_DEBIAN
	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	x_refsource_CONFIRM
	http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2017:0456	vendor-advisory, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=1349468	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2071.html	vendor-advisory, x_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-3027-1	vendor-advisory, x_refsource_UBUNTU
	https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	x_refsource_MISC
	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC
	https://security.gentoo.org/glsa/202107-39	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T23:40:15.604Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "JVNDB-2016-000121",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_JVNDB",
                     "x_transferred",
                  ],
                  url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20190212-0001/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1743480",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
               },
               {
                  name: "GLSA-201705-09",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201705-09",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1743738",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-9.html",
               },
               {
                  name: "USN-3024-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3024-1",
               },
               {
                  name: "RHSA-2016:2069",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2069.html",
               },
               {
                  name: "1037029",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1037029",
               },
               {
                  name: "RHSA-2016:2068",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2068.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-7.html",
               },
               {
                  name: "1036900",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1036900",
               },
               {
                  name: "91453",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/91453",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-8.html",
               },
               {
                  name: "RHSA-2016:2072",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2072.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1743722",
               },
               {
                  name: "DSA-3611",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3611",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371",
               },
               {
                  name: "RHSA-2016:2807",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2807.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
               },
               {
                  name: "openSUSE-SU-2016:2252",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html",
               },
               {
                  name: "JVN#89379547",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_JVN",
                     "x_transferred",
                  ],
                  url: "http://jvn.jp/en/jp/JVN89379547/index.html",
               },
               {
                  name: "1036427",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1036427",
               },
               {
                  name: "RHSA-2016:2070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2070.html",
               },
               {
                  name: "RHSA-2017:0457",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2017-0457.html",
               },
               {
                  name: "RHSA-2016:2808",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2808.html",
               },
               {
                  name: "1039606",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1039606",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1743742",
               },
               {
                  name: "RHSA-2016:2599",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2599.html",
               },
               {
                  name: "DSA-3609",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3609",
               },
               {
                  name: "RHSA-2017:0455",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:0455",
               },
               {
                  name: "DSA-3614",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3614",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
               },
               {
                  name: "[dev] 20160621 CVE-2016-3092: Apache Commons Fileupload information disclosure vulnerability",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E",
               },
               {
                  name: "RHSA-2017:0456",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:0456",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1349468",
               },
               {
                  name: "RHSA-2016:2071",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2071.html",
               },
               {
                  name: "USN-3027-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3027-1",
               },
               {
                  name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
               },
               {
                  name: "GLSA-202107-39",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202107-39",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-06-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-07-17T07:06:23",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "JVNDB-2016-000121",
               tags: [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
               ],
               url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20190212-0001/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1743480",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
            },
            {
               name: "GLSA-201705-09",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201705-09",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1743738",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-9.html",
            },
            {
               name: "USN-3024-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3024-1",
            },
            {
               name: "RHSA-2016:2069",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2069.html",
            },
            {
               name: "1037029",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1037029",
            },
            {
               name: "RHSA-2016:2068",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2068.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-7.html",
            },
            {
               name: "1036900",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1036900",
            },
            {
               name: "91453",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/91453",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-8.html",
            },
            {
               name: "RHSA-2016:2072",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2072.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1743722",
            },
            {
               name: "DSA-3611",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3611",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371",
            },
            {
               name: "RHSA-2016:2807",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2807.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
            },
            {
               name: "openSUSE-SU-2016:2252",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html",
            },
            {
               name: "JVN#89379547",
               tags: [
                  "third-party-advisory",
                  "x_refsource_JVN",
               ],
               url: "http://jvn.jp/en/jp/JVN89379547/index.html",
            },
            {
               name: "1036427",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1036427",
            },
            {
               name: "RHSA-2016:2070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2070.html",
            },
            {
               name: "RHSA-2017:0457",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2017-0457.html",
            },
            {
               name: "RHSA-2016:2808",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2808.html",
            },
            {
               name: "1039606",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1039606",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1743742",
            },
            {
               name: "RHSA-2016:2599",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2599.html",
            },
            {
               name: "DSA-3609",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3609",
            },
            {
               name: "RHSA-2017:0455",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:0455",
            },
            {
               name: "DSA-3614",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3614",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
            },
            {
               name: "[dev] 20160621 CVE-2016-3092: Apache Commons Fileupload information disclosure vulnerability",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E",
            },
            {
               name: "RHSA-2017:0456",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:0456",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1349468",
            },
            {
               name: "RHSA-2016:2071",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2071.html",
            },
            {
               name: "USN-3027-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3027-1",
            },
            {
               name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
            },
            {
               name: "GLSA-202107-39",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202107-39",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2016-3092",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "JVNDB-2016-000121",
                     refsource: "JVNDB",
                     url: "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20190212-0001/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20190212-0001/",
                  },
                  {
                     name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759",
                     refsource: "CONFIRM",
                     url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1743480",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1743480",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
                  },
                  {
                     name: "GLSA-201705-09",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201705-09",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1743738",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1743738",
                  },
                  {
                     name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840",
                     refsource: "CONFIRM",
                     url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840",
                  },
                  {
                     name: "http://tomcat.apache.org/security-9.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-9.html",
                  },
                  {
                     name: "USN-3024-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-3024-1",
                  },
                  {
                     name: "RHSA-2016:2069",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2069.html",
                  },
                  {
                     name: "1037029",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1037029",
                  },
                  {
                     name: "RHSA-2016:2068",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2068.html",
                  },
                  {
                     name: "http://tomcat.apache.org/security-7.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-7.html",
                  },
                  {
                     name: "1036900",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1036900",
                  },
                  {
                     name: "91453",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/91453",
                  },
                  {
                     name: "http://tomcat.apache.org/security-8.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-8.html",
                  },
                  {
                     name: "RHSA-2016:2072",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2072.html",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1743722",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1743722",
                  },
                  {
                     name: "DSA-3611",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3611",
                  },
                  {
                     name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371",
                     refsource: "CONFIRM",
                     url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371",
                  },
                  {
                     name: "RHSA-2016:2807",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2807.html",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
                  },
                  {
                     name: "openSUSE-SU-2016:2252",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html",
                  },
                  {
                     name: "JVN#89379547",
                     refsource: "JVN",
                     url: "http://jvn.jp/en/jp/JVN89379547/index.html",
                  },
                  {
                     name: "1036427",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1036427",
                  },
                  {
                     name: "RHSA-2016:2070",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2070.html",
                  },
                  {
                     name: "RHSA-2017:0457",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2017-0457.html",
                  },
                  {
                     name: "RHSA-2016:2808",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2808.html",
                  },
                  {
                     name: "1039606",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1039606",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1743742",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1743742",
                  },
                  {
                     name: "RHSA-2016:2599",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2599.html",
                  },
                  {
                     name: "DSA-3609",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3609",
                  },
                  {
                     name: "RHSA-2017:0455",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:0455",
                  },
                  {
                     name: "DSA-3614",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3614",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
                  },
                  {
                     name: "[dev] 20160621 CVE-2016-3092: Apache Commons Fileupload information disclosure vulnerability",
                     refsource: "MLIST",
                     url: "http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E",
                  },
                  {
                     name: "RHSA-2017:0456",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:0456",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1349468",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1349468",
                  },
                  {
                     name: "RHSA-2016:2071",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2071.html",
                  },
                  {
                     name: "USN-3027-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-3027-1",
                  },
                  {
                     name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuapr2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
                  },
                  {
                     name: "GLSA-202107-39",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202107-39",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-3092",
      datePublished: "2016-07-04T22:00:00",
      dateReserved: "2016-03-10T00:00:00",
      dateUpdated: "2024-08-05T23:40:15.604Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-5351

Vulnerability from cvelistv5

Published

2016-02-25 01:00

Modified

2024-08-06 06:41

Severity ?

Summary

The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/83330	vdb-entry, x_refsource_BID
	http://packetstormsecurity.com/files/135882/Apache-Tomcat-CSRF-Token-Leak.html	x_refsource_MISC
	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201705-09	vendor-advisory, x_refsource_GENTOO
	http://svn.apache.org/viewvc?view=revision&revision=1720658	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html	vendor-advisory, x_refsource_SUSE
	http://tomcat.apache.org/security-9.html	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-3024-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html	vendor-advisory, x_refsource_SUSE
	http://www.debian.org/security/2016/dsa-3530	vendor-advisory, x_refsource_DEBIAN
	http://tomcat.apache.org/security-7.html	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	x_refsource_CONFIRM
	http://seclists.org/bugtraq/2016/Feb/148	mailing-list, x_refsource_BUGTRAQ
	http://rhn.redhat.com/errata/RHSA-2016-1089.html	vendor-advisory, x_refsource_REDHAT
	http://tomcat.apache.org/security-8.html	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2016:1087	vendor-advisory, x_refsource_REDHAT
	http://svn.apache.org/viewvc?view=revision&revision=1720655	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1035069	vdb-entry, x_refsource_SECTRACK
	https://bto.bluecoat.com/security-advisory/sa118	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442	x_refsource_CONFIRM
	http://svn.apache.org/viewvc?view=revision&revision=1720663	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2807.html	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2016:1088	vendor-advisory, x_refsource_REDHAT
	https://security.netapp.com/advisory/ntap-20180531-0001/	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2808.html	vendor-advisory, x_refsource_REDHAT
	http://svn.apache.org/viewvc?view=revision&revision=1720661	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-2599.html	vendor-advisory, x_refsource_REDHAT
	http://www.debian.org/security/2016/dsa-3609	vendor-advisory, x_refsource_DEBIAN
	http://svn.apache.org/viewvc?view=revision&revision=1720652	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626	x_refsource_CONFIRM
	https://softwaresupport.hpe.com/document/-/facetsearch/document/KM02978021	x_refsource_CONFIRM
	http://www.debian.org/security/2016/dsa-3552	vendor-advisory, x_refsource_DEBIAN
	http://svn.apache.org/viewvc?view=revision&revision=1720660	x_refsource_CONFIRM
	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T06:41:09.347Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "83330",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/83330",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/135882/Apache-Tomcat-CSRF-Token-Leak.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
               },
               {
                  name: "GLSA-201705-09",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201705-09",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1720658",
               },
               {
                  name: "openSUSE-SU-2016:0865",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-9.html",
               },
               {
                  name: "USN-3024-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3024-1",
               },
               {
                  name: "SUSE-SU-2016:0769",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html",
               },
               {
                  name: "DSA-3530",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3530",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-7.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
               },
               {
                  name: "20160222 [SECURITY] CVE-2015-5351 Apache Tomcat CSRF token leak",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/bugtraq/2016/Feb/148",
               },
               {
                  name: "RHSA-2016:1089",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1089.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-8.html",
               },
               {
                  name: "RHSA-2016:1087",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1087",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1720655",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
               },
               {
                  name: "1035069",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1035069",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bto.bluecoat.com/security-advisory/sa118",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1720663",
               },
               {
                  name: "RHSA-2016:2807",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2807.html",
               },
               {
                  name: "RHSA-2016:1088",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1088",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20180531-0001/",
               },
               {
                  name: "RHSA-2016:2808",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2808.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1720661",
               },
               {
                  name: "SUSE-SU-2016:0822",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html",
               },
               {
                  name: "RHSA-2016:2599",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2599.html",
               },
               {
                  name: "DSA-3609",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3609",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1720652",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://softwaresupport.hpe.com/document/-/facetsearch/document/KM02978021",
               },
               {
                  name: "DSA-3552",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3552",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1720660",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-02-22T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-02-13T16:06:20",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "83330",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/83330",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/135882/Apache-Tomcat-CSRF-Token-Leak.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
            },
            {
               name: "GLSA-201705-09",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201705-09",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1720658",
            },
            {
               name: "openSUSE-SU-2016:0865",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-9.html",
            },
            {
               name: "USN-3024-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3024-1",
            },
            {
               name: "SUSE-SU-2016:0769",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html",
            },
            {
               name: "DSA-3530",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3530",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-7.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
            },
            {
               name: "20160222 [SECURITY] CVE-2015-5351 Apache Tomcat CSRF token leak",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://seclists.org/bugtraq/2016/Feb/148",
            },
            {
               name: "RHSA-2016:1089",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1089.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-8.html",
            },
            {
               name: "RHSA-2016:1087",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1087",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1720655",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
            },
            {
               name: "1035069",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1035069",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bto.bluecoat.com/security-advisory/sa118",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1720663",
            },
            {
               name: "RHSA-2016:2807",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2807.html",
            },
            {
               name: "RHSA-2016:1088",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1088",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20180531-0001/",
            },
            {
               name: "RHSA-2016:2808",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2808.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1720661",
            },
            {
               name: "SUSE-SU-2016:0822",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html",
            },
            {
               name: "RHSA-2016:2599",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2599.html",
            },
            {
               name: "DSA-3609",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3609",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1720652",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://softwaresupport.hpe.com/document/-/facetsearch/document/KM02978021",
            },
            {
               name: "DSA-3552",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3552",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1720660",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2015-5351",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "83330",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/83330",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/135882/Apache-Tomcat-CSRF-Token-Leak.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/135882/Apache-Tomcat-CSRF-Token-Leak.html",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
                  },
                  {
                     name: "GLSA-201705-09",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201705-09",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1720658",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1720658",
                  },
                  {
                     name: "openSUSE-SU-2016:0865",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html",
                  },
                  {
                     name: "http://tomcat.apache.org/security-9.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-9.html",
                  },
                  {
                     name: "USN-3024-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-3024-1",
                  },
                  {
                     name: "SUSE-SU-2016:0769",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html",
                  },
                  {
                     name: "DSA-3530",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3530",
                  },
                  {
                     name: "http://tomcat.apache.org/security-7.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-7.html",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
                  },
                  {
                     name: "20160222 [SECURITY] CVE-2015-5351 Apache Tomcat CSRF token leak",
                     refsource: "BUGTRAQ",
                     url: "http://seclists.org/bugtraq/2016/Feb/148",
                  },
                  {
                     name: "RHSA-2016:1089",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-1089.html",
                  },
                  {
                     name: "http://tomcat.apache.org/security-8.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-8.html",
                  },
                  {
                     name: "RHSA-2016:1087",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:1087",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1720655",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1720655",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
                  },
                  {
                     name: "1035069",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1035069",
                  },
                  {
                     name: "https://bto.bluecoat.com/security-advisory/sa118",
                     refsource: "CONFIRM",
                     url: "https://bto.bluecoat.com/security-advisory/sa118",
                  },
                  {
                     name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442",
                     refsource: "CONFIRM",
                     url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1720663",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1720663",
                  },
                  {
                     name: "RHSA-2016:2807",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2807.html",
                  },
                  {
                     name: "RHSA-2016:1088",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:1088",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20180531-0001/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20180531-0001/",
                  },
                  {
                     name: "RHSA-2016:2808",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2808.html",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1720661",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1720661",
                  },
                  {
                     name: "SUSE-SU-2016:0822",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html",
                  },
                  {
                     name: "RHSA-2016:2599",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2599.html",
                  },
                  {
                     name: "DSA-3609",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3609",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1720652",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1720652",
                  },
                  {
                     name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626",
                     refsource: "CONFIRM",
                     url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626",
                  },
                  {
                     name: "https://softwaresupport.hpe.com/document/-/facetsearch/document/KM02978021",
                     refsource: "CONFIRM",
                     url: "https://softwaresupport.hpe.com/document/-/facetsearch/document/KM02978021",
                  },
                  {
                     name: "DSA-3552",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3552",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1720660",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1720660",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-5351",
      datePublished: "2016-02-25T01:00:00",
      dateReserved: "2015-07-01T00:00:00",
      dateUpdated: "2024-08-06T06:41:09.347Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-0763

Vulnerability from cvelistv5

Published

2016-02-25 01:00

Modified

2024-08-05 22:30

Severity ?

Summary

The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.

References

▼	URL	Tags
	https://security.gentoo.org/glsa/201705-09	vendor-advisory, x_refsource_GENTOO
	http://svn.apache.org/viewvc?view=revision&revision=1725931	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html	vendor-advisory, x_refsource_SUSE
	http://tomcat.apache.org/security-9.html	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-3024-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html	vendor-advisory, x_refsource_SUSE
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755	x_refsource_CONFIRM
	http://www.debian.org/security/2016/dsa-3530	vendor-advisory, x_refsource_DEBIAN
	http://tomcat.apache.org/security-7.html	x_refsource_CONFIRM
	http://seclists.org/bugtraq/2016/Feb/147	mailing-list, x_refsource_BUGTRAQ
	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-1089.html	vendor-advisory, x_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179356.html	vendor-advisory, x_refsource_FEDORA
	http://tomcat.apache.org/security-8.html	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2016:1087	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1035069	vdb-entry, x_refsource_SECTRACK
	https://bto.bluecoat.com/security-advisory/sa118	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2807.html	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2016:1088	vendor-advisory, x_refsource_REDHAT
	https://security.netapp.com/advisory/ntap-20180531-0001/	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2808.html	vendor-advisory, x_refsource_REDHAT
	http://svn.apache.org/viewvc?view=revision&revision=1725929	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-2599.html	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/83326	vdb-entry, x_refsource_BID
	http://www.debian.org/security/2016/dsa-3609	vendor-advisory, x_refsource_DEBIAN
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626	x_refsource_CONFIRM
	http://www.debian.org/security/2016/dsa-3552	vendor-advisory, x_refsource_DEBIAN
	http://svn.apache.org/viewvc?view=revision&revision=1725926	x_refsource_CONFIRM
	https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T22:30:04.044Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "GLSA-201705-09",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201705-09",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1725931",
               },
               {
                  name: "openSUSE-SU-2016:0865",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-9.html",
               },
               {
                  name: "USN-3024-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3024-1",
               },
               {
                  name: "SUSE-SU-2016:0769",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755",
               },
               {
                  name: "DSA-3530",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3530",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-7.html",
               },
               {
                  name: "20160222 [SECURITY] CVE-2016-0763 Apache Tomcat Security Manager Bypass",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/bugtraq/2016/Feb/147",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
               },
               {
                  name: "RHSA-2016:1089",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1089.html",
               },
               {
                  name: "FEDORA-2016-e6651efbaf",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179356.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-8.html",
               },
               {
                  name: "RHSA-2016:1087",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1087",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
               },
               {
                  name: "1035069",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1035069",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bto.bluecoat.com/security-advisory/sa118",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442",
               },
               {
                  name: "RHSA-2016:2807",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2807.html",
               },
               {
                  name: "RHSA-2016:1088",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1088",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20180531-0001/",
               },
               {
                  name: "RHSA-2016:2808",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2808.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1725929",
               },
               {
                  name: "SUSE-SU-2016:0822",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html",
               },
               {
                  name: "RHSA-2016:2599",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2599.html",
               },
               {
                  name: "83326",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/83326",
               },
               {
                  name: "DSA-3609",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3609",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626",
               },
               {
                  name: "DSA-3552",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3552",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1725926",
               },
               {
                  name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-02-22T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-02-13T16:06:09",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "GLSA-201705-09",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201705-09",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1725931",
            },
            {
               name: "openSUSE-SU-2016:0865",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-9.html",
            },
            {
               name: "USN-3024-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3024-1",
            },
            {
               name: "SUSE-SU-2016:0769",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755",
            },
            {
               name: "DSA-3530",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3530",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-7.html",
            },
            {
               name: "20160222 [SECURITY] CVE-2016-0763 Apache Tomcat Security Manager Bypass",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://seclists.org/bugtraq/2016/Feb/147",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
            },
            {
               name: "RHSA-2016:1089",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1089.html",
            },
            {
               name: "FEDORA-2016-e6651efbaf",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179356.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-8.html",
            },
            {
               name: "RHSA-2016:1087",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1087",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
            },
            {
               name: "1035069",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1035069",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bto.bluecoat.com/security-advisory/sa118",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442",
            },
            {
               name: "RHSA-2016:2807",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2807.html",
            },
            {
               name: "RHSA-2016:1088",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1088",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20180531-0001/",
            },
            {
               name: "RHSA-2016:2808",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2808.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1725929",
            },
            {
               name: "SUSE-SU-2016:0822",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html",
            },
            {
               name: "RHSA-2016:2599",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2599.html",
            },
            {
               name: "83326",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/83326",
            },
            {
               name: "DSA-3609",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3609",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626",
            },
            {
               name: "DSA-3552",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3552",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1725926",
            },
            {
               name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2016-0763",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "GLSA-201705-09",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201705-09",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1725931",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1725931",
                  },
                  {
                     name: "openSUSE-SU-2016:0865",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html",
                  },
                  {
                     name: "http://tomcat.apache.org/security-9.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-9.html",
                  },
                  {
                     name: "USN-3024-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-3024-1",
                  },
                  {
                     name: "SUSE-SU-2016:0769",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html",
                  },
                  {
                     name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755",
                     refsource: "CONFIRM",
                     url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755",
                  },
                  {
                     name: "DSA-3530",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3530",
                  },
                  {
                     name: "http://tomcat.apache.org/security-7.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-7.html",
                  },
                  {
                     name: "20160222 [SECURITY] CVE-2016-0763 Apache Tomcat Security Manager Bypass",
                     refsource: "BUGTRAQ",
                     url: "http://seclists.org/bugtraq/2016/Feb/147",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
                  },
                  {
                     name: "RHSA-2016:1089",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-1089.html",
                  },
                  {
                     name: "FEDORA-2016-e6651efbaf",
                     refsource: "FEDORA",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179356.html",
                  },
                  {
                     name: "http://tomcat.apache.org/security-8.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-8.html",
                  },
                  {
                     name: "RHSA-2016:1087",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:1087",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
                  },
                  {
                     name: "1035069",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1035069",
                  },
                  {
                     name: "https://bto.bluecoat.com/security-advisory/sa118",
                     refsource: "CONFIRM",
                     url: "https://bto.bluecoat.com/security-advisory/sa118",
                  },
                  {
                     name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442",
                     refsource: "CONFIRM",
                     url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442",
                  },
                  {
                     name: "RHSA-2016:2807",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2807.html",
                  },
                  {
                     name: "RHSA-2016:1088",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:1088",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20180531-0001/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20180531-0001/",
                  },
                  {
                     name: "RHSA-2016:2808",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2808.html",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1725929",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1725929",
                  },
                  {
                     name: "SUSE-SU-2016:0822",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html",
                  },
                  {
                     name: "RHSA-2016:2599",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2599.html",
                  },
                  {
                     name: "83326",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/83326",
                  },
                  {
                     name: "DSA-3609",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3609",
                  },
                  {
                     name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626",
                     refsource: "CONFIRM",
                     url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626",
                  },
                  {
                     name: "DSA-3552",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3552",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1725926",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1725926",
                  },
                  {
                     name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-0763",
      datePublished: "2016-02-25T01:00:00",
      dateReserved: "2015-12-16T00:00:00",
      dateUpdated: "2024-08-05T22:30:04.044Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-5345

Vulnerability from cvelistv5

Published

2016-02-25 01:00

Modified

2024-08-06 06:41

Severity ?

Summary

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.

References

▼	URL	Tags
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964	x_refsource_CONFIRM
	http://svn.apache.org/viewvc?view=revision&revision=1715216	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201705-09	vendor-advisory, x_refsource_GENTOO
	https://kc.mcafee.com/corporate/index?page=content&id=SB10156	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html	vendor-advisory, x_refsource_SUSE
	http://tomcat.apache.org/security-9.html	x_refsource_CONFIRM
	http://svn.apache.org/viewvc?view=revision&revision=1715213	x_refsource_CONFIRM
	http://packetstormsecurity.com/files/135892/Apache-Tomcat-Directory-Disclosure.html	x_refsource_MISC
	http://www.ubuntu.com/usn/USN-3024-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-2045.html	vendor-advisory, x_refsource_REDHAT
	http://www.debian.org/security/2016/dsa-3530	vendor-advisory, x_refsource_DEBIAN
	http://tomcat.apache.org/security-7.html	x_refsource_CONFIRM
	http://svn.apache.org/viewvc?view=revision&revision=1715206	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=145974991225029&w=2	vendor-advisory, x_refsource_HP
	http://rhn.redhat.com/errata/RHSA-2016-1089.html	vendor-advisory, x_refsource_REDHAT
	http://tomcat.apache.org/security-8.html	x_refsource_CONFIRM
	http://www.qcsec.com/blog/CVE-2015-5345-apache-tomcat-vulnerability.html	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2016:1087	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1035071	vdb-entry, x_refsource_SECTRACK
	https://bto.bluecoat.com/security-advisory/sa118	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2016:1088	vendor-advisory, x_refsource_REDHAT
	http://svn.apache.org/viewvc?view=revision&revision=1717212	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-20180531-0001/	x_refsource_CONFIRM
	http://tomcat.apache.org/security-6.html	x_refsource_CONFIRM
	http://seclists.org/bugtraq/2016/Feb/146	mailing-list, x_refsource_BUGTRAQ
	http://svn.apache.org/viewvc?view=revision&revision=1716894	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html	vendor-advisory, x_refsource_SUSE
	http://svn.apache.org/viewvc?view=revision&revision=1717209	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/83328	vdb-entry, x_refsource_BID
	http://svn.apache.org/viewvc?view=revision&revision=1715207	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2599.html	vendor-advisory, x_refsource_REDHAT
	http://www.debian.org/security/2016/dsa-3609	vendor-advisory, x_refsource_DEBIAN
	http://svn.apache.org/viewvc?view=revision&revision=1717216	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html	vendor-advisory, x_refsource_SUSE
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626	x_refsource_CONFIRM
	http://www.debian.org/security/2016/dsa-3552	vendor-advisory, x_refsource_DEBIAN
	http://seclists.org/fulldisclosure/2016/Feb/122	mailing-list, x_refsource_FULLDISC
	https://bz.apache.org/bugzilla/show_bug.cgi?id=58765	x_refsource_CONFIRM
	http://svn.apache.org/viewvc?view=revision&revision=1716882	x_refsource_CONFIRM
	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T06:41:09.298Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1715216",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
               },
               {
                  name: "GLSA-201705-09",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201705-09",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10156",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
               },
               {
                  name: "openSUSE-SU-2016:0865",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-9.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1715213",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/135892/Apache-Tomcat-Directory-Disclosure.html",
               },
               {
                  name: "USN-3024-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3024-1",
               },
               {
                  name: "SUSE-SU-2016:0769",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html",
               },
               {
                  name: "RHSA-2016:2045",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2045.html",
               },
               {
                  name: "DSA-3530",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3530",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-7.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1715206",
               },
               {
                  name: "HPSBUX03561",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=145974991225029&w=2",
               },
               {
                  name: "RHSA-2016:1089",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1089.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-8.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.qcsec.com/blog/CVE-2015-5345-apache-tomcat-vulnerability.html",
               },
               {
                  name: "RHSA-2016:1087",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1087",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
               },
               {
                  name: "1035071",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1035071",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bto.bluecoat.com/security-advisory/sa118",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442",
               },
               {
                  name: "RHSA-2016:1088",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1088",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1717212",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20180531-0001/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-6.html",
               },
               {
                  name: "20160222 [SECURITY] CVE-2015-5345 Apache Tomcat Directory disclosure",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/bugtraq/2016/Feb/146",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1716894",
               },
               {
                  name: "SUSE-SU-2016:0822",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1717209",
               },
               {
                  name: "83328",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/83328",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1715207",
               },
               {
                  name: "RHSA-2016:2599",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2599.html",
               },
               {
                  name: "DSA-3609",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3609",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1717216",
               },
               {
                  name: "SUSE-SU-2016:0839",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626",
               },
               {
                  name: "DSA-3552",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3552",
               },
               {
                  name: "20160225 [CVE-2015-5345] Information disclosure vulnerability in Apache Tomcat",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2016/Feb/122",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bz.apache.org/bugzilla/show_bug.cgi?id=58765",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1716882",
               },
               {
                  name: "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-02-22T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-02-13T16:10:13",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1715216",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
            },
            {
               name: "GLSA-201705-09",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201705-09",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10156",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
            },
            {
               name: "openSUSE-SU-2016:0865",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-9.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1715213",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/135892/Apache-Tomcat-Directory-Disclosure.html",
            },
            {
               name: "USN-3024-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3024-1",
            },
            {
               name: "SUSE-SU-2016:0769",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html",
            },
            {
               name: "RHSA-2016:2045",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2045.html",
            },
            {
               name: "DSA-3530",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3530",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-7.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1715206",
            },
            {
               name: "HPSBUX03561",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=145974991225029&w=2",
            },
            {
               name: "RHSA-2016:1089",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1089.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-8.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.qcsec.com/blog/CVE-2015-5345-apache-tomcat-vulnerability.html",
            },
            {
               name: "RHSA-2016:1087",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1087",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
            },
            {
               name: "1035071",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1035071",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bto.bluecoat.com/security-advisory/sa118",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442",
            },
            {
               name: "RHSA-2016:1088",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1088",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1717212",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20180531-0001/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-6.html",
            },
            {
               name: "20160222 [SECURITY] CVE-2015-5345 Apache Tomcat Directory disclosure",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://seclists.org/bugtraq/2016/Feb/146",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1716894",
            },
            {
               name: "SUSE-SU-2016:0822",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1717209",
            },
            {
               name: "83328",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/83328",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1715207",
            },
            {
               name: "RHSA-2016:2599",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2599.html",
            },
            {
               name: "DSA-3609",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3609",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1717216",
            },
            {
               name: "SUSE-SU-2016:0839",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626",
            },
            {
               name: "DSA-3552",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3552",
            },
            {
               name: "20160225 [CVE-2015-5345] Information disclosure vulnerability in Apache Tomcat",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2016/Feb/122",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bz.apache.org/bugzilla/show_bug.cgi?id=58765",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1716882",
            },
            {
               name: "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2015-5345",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964",
                     refsource: "CONFIRM",
                     url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1715216",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1715216",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
                  },
                  {
                     name: "GLSA-201705-09",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201705-09",
                  },
                  {
                     name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10156",
                     refsource: "CONFIRM",
                     url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10156",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
                  },
                  {
                     name: "openSUSE-SU-2016:0865",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html",
                  },
                  {
                     name: "http://tomcat.apache.org/security-9.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-9.html",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1715213",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1715213",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/135892/Apache-Tomcat-Directory-Disclosure.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/135892/Apache-Tomcat-Directory-Disclosure.html",
                  },
                  {
                     name: "USN-3024-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-3024-1",
                  },
                  {
                     name: "SUSE-SU-2016:0769",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html",
                  },
                  {
                     name: "RHSA-2016:2045",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2045.html",
                  },
                  {
                     name: "DSA-3530",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3530",
                  },
                  {
                     name: "http://tomcat.apache.org/security-7.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-7.html",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1715206",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1715206",
                  },
                  {
                     name: "HPSBUX03561",
                     refsource: "HP",
                     url: "http://marc.info/?l=bugtraq&m=145974991225029&w=2",
                  },
                  {
                     name: "RHSA-2016:1089",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-1089.html",
                  },
                  {
                     name: "http://tomcat.apache.org/security-8.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-8.html",
                  },
                  {
                     name: "http://www.qcsec.com/blog/CVE-2015-5345-apache-tomcat-vulnerability.html",
                     refsource: "MISC",
                     url: "http://www.qcsec.com/blog/CVE-2015-5345-apache-tomcat-vulnerability.html",
                  },
                  {
                     name: "RHSA-2016:1087",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:1087",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
                  },
                  {
                     name: "1035071",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1035071",
                  },
                  {
                     name: "https://bto.bluecoat.com/security-advisory/sa118",
                     refsource: "CONFIRM",
                     url: "https://bto.bluecoat.com/security-advisory/sa118",
                  },
                  {
                     name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442",
                     refsource: "CONFIRM",
                     url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442",
                  },
                  {
                     name: "RHSA-2016:1088",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:1088",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1717212",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1717212",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20180531-0001/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20180531-0001/",
                  },
                  {
                     name: "http://tomcat.apache.org/security-6.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-6.html",
                  },
                  {
                     name: "20160222 [SECURITY] CVE-2015-5345 Apache Tomcat Directory disclosure",
                     refsource: "BUGTRAQ",
                     url: "http://seclists.org/bugtraq/2016/Feb/146",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1716894",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1716894",
                  },
                  {
                     name: "SUSE-SU-2016:0822",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1717209",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1717209",
                  },
                  {
                     name: "83328",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/83328",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1715207",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1715207",
                  },
                  {
                     name: "RHSA-2016:2599",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2599.html",
                  },
                  {
                     name: "DSA-3609",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3609",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1717216",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1717216",
                  },
                  {
                     name: "SUSE-SU-2016:0839",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html",
                  },
                  {
                     name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626",
                     refsource: "CONFIRM",
                     url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626",
                  },
                  {
                     name: "DSA-3552",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3552",
                  },
                  {
                     name: "20160225 [CVE-2015-5345] Information disclosure vulnerability in Apache Tomcat",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2016/Feb/122",
                  },
                  {
                     name: "https://bz.apache.org/bugzilla/show_bug.cgi?id=58765",
                     refsource: "CONFIRM",
                     url: "https://bz.apache.org/bugzilla/show_bug.cgi?id=58765",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1716882",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1716882",
                  },
                  {
                     name: "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-5345",
      datePublished: "2016-02-25T01:00:00",
      dateReserved: "2015-07-01T00:00:00",
      dateUpdated: "2024-08-06T06:41:09.298Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-0706

Vulnerability from cvelistv5

Published

2016-02-25 01:00

Modified

2024-08-05 22:30

Severity ?

Summary

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.

References

▼	URL	Tags
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964	x_refsource_CONFIRM
	http://svn.apache.org/viewvc?view=revision&revision=1722800	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201705-09	vendor-advisory, x_refsource_GENTOO
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html	vendor-advisory, x_refsource_SUSE
	http://tomcat.apache.org/security-9.html	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-3024-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-2045.html	vendor-advisory, x_refsource_REDHAT
	http://www.debian.org/security/2016/dsa-3530	vendor-advisory, x_refsource_DEBIAN
	http://tomcat.apache.org/security-7.html	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=145974991225029&w=2	vendor-advisory, x_refsource_HP
	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	x_refsource_CONFIRM
	http://svn.apache.org/viewvc?view=revision&revision=1722802	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-1089.html	vendor-advisory, x_refsource_REDHAT
	http://tomcat.apache.org/security-8.html	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2016:1087	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1035069	vdb-entry, x_refsource_SECTRACK
	https://bto.bluecoat.com/security-advisory/sa118	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2807.html	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2016:1088	vendor-advisory, x_refsource_REDHAT
	https://security.netapp.com/advisory/ntap-20180531-0001/	x_refsource_CONFIRM
	http://tomcat.apache.org/security-6.html	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2808.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/83324	vdb-entry, x_refsource_BID
	http://rhn.redhat.com/errata/RHSA-2016-2599.html	vendor-advisory, x_refsource_REDHAT
	http://www.debian.org/security/2016/dsa-3609	vendor-advisory, x_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html	vendor-advisory, x_refsource_SUSE
	http://seclists.org/bugtraq/2016/Feb/144	mailing-list, x_refsource_BUGTRAQ
	http://svn.apache.org/viewvc?view=revision&revision=1722799	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626	x_refsource_CONFIRM
	http://www.debian.org/security/2016/dsa-3552	vendor-advisory, x_refsource_DEBIAN
	http://svn.apache.org/viewvc?view=revision&revision=1722801	x_refsource_CONFIRM
	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T22:30:03.533Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1722800",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
               },
               {
                  name: "GLSA-201705-09",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201705-09",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
               },
               {
                  name: "openSUSE-SU-2016:0865",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-9.html",
               },
               {
                  name: "USN-3024-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3024-1",
               },
               {
                  name: "SUSE-SU-2016:0769",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html",
               },
               {
                  name: "RHSA-2016:2045",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2045.html",
               },
               {
                  name: "DSA-3530",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3530",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-7.html",
               },
               {
                  name: "HPSBUX03561",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=145974991225029&w=2",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1722802",
               },
               {
                  name: "RHSA-2016:1089",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1089.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-8.html",
               },
               {
                  name: "RHSA-2016:1087",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1087",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
               },
               {
                  name: "1035069",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1035069",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bto.bluecoat.com/security-advisory/sa118",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442",
               },
               {
                  name: "RHSA-2016:2807",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2807.html",
               },
               {
                  name: "RHSA-2016:1088",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1088",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20180531-0001/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-6.html",
               },
               {
                  name: "RHSA-2016:2808",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2808.html",
               },
               {
                  name: "SUSE-SU-2016:0822",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html",
               },
               {
                  name: "83324",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/83324",
               },
               {
                  name: "RHSA-2016:2599",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2599.html",
               },
               {
                  name: "DSA-3609",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3609",
               },
               {
                  name: "SUSE-SU-2016:0839",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html",
               },
               {
                  name: "20160222 [SECURITY] CVE-2016-0706 Apache Tomcat Security Manager bypass",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/bugtraq/2016/Feb/144",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1722799",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626",
               },
               {
                  name: "DSA-3552",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3552",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1722801",
               },
               {
                  name: "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-02-22T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-02-13T16:09:43",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1722800",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
            },
            {
               name: "GLSA-201705-09",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201705-09",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
            },
            {
               name: "openSUSE-SU-2016:0865",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-9.html",
            },
            {
               name: "USN-3024-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3024-1",
            },
            {
               name: "SUSE-SU-2016:0769",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html",
            },
            {
               name: "RHSA-2016:2045",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2045.html",
            },
            {
               name: "DSA-3530",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3530",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-7.html",
            },
            {
               name: "HPSBUX03561",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=145974991225029&w=2",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1722802",
            },
            {
               name: "RHSA-2016:1089",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1089.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-8.html",
            },
            {
               name: "RHSA-2016:1087",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1087",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
            },
            {
               name: "1035069",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1035069",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bto.bluecoat.com/security-advisory/sa118",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442",
            },
            {
               name: "RHSA-2016:2807",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2807.html",
            },
            {
               name: "RHSA-2016:1088",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1088",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20180531-0001/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-6.html",
            },
            {
               name: "RHSA-2016:2808",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2808.html",
            },
            {
               name: "SUSE-SU-2016:0822",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html",
            },
            {
               name: "83324",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/83324",
            },
            {
               name: "RHSA-2016:2599",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2599.html",
            },
            {
               name: "DSA-3609",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3609",
            },
            {
               name: "SUSE-SU-2016:0839",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html",
            },
            {
               name: "20160222 [SECURITY] CVE-2016-0706 Apache Tomcat Security Manager bypass",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://seclists.org/bugtraq/2016/Feb/144",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1722799",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626",
            },
            {
               name: "DSA-3552",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3552",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1722801",
            },
            {
               name: "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2016-0706",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964",
                     refsource: "CONFIRM",
                     url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1722800",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1722800",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
                  },
                  {
                     name: "GLSA-201705-09",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201705-09",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
                  },
                  {
                     name: "openSUSE-SU-2016:0865",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html",
                  },
                  {
                     name: "http://tomcat.apache.org/security-9.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-9.html",
                  },
                  {
                     name: "USN-3024-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-3024-1",
                  },
                  {
                     name: "SUSE-SU-2016:0769",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html",
                  },
                  {
                     name: "RHSA-2016:2045",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2045.html",
                  },
                  {
                     name: "DSA-3530",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3530",
                  },
                  {
                     name: "http://tomcat.apache.org/security-7.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-7.html",
                  },
                  {
                     name: "HPSBUX03561",
                     refsource: "HP",
                     url: "http://marc.info/?l=bugtraq&m=145974991225029&w=2",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1722802",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1722802",
                  },
                  {
                     name: "RHSA-2016:1089",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-1089.html",
                  },
                  {
                     name: "http://tomcat.apache.org/security-8.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-8.html",
                  },
                  {
                     name: "RHSA-2016:1087",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:1087",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
                  },
                  {
                     name: "1035069",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1035069",
                  },
                  {
                     name: "https://bto.bluecoat.com/security-advisory/sa118",
                     refsource: "CONFIRM",
                     url: "https://bto.bluecoat.com/security-advisory/sa118",
                  },
                  {
                     name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442",
                     refsource: "CONFIRM",
                     url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442",
                  },
                  {
                     name: "RHSA-2016:2807",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2807.html",
                  },
                  {
                     name: "RHSA-2016:1088",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:1088",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20180531-0001/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20180531-0001/",
                  },
                  {
                     name: "http://tomcat.apache.org/security-6.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-6.html",
                  },
                  {
                     name: "RHSA-2016:2808",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2808.html",
                  },
                  {
                     name: "SUSE-SU-2016:0822",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html",
                  },
                  {
                     name: "83324",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/83324",
                  },
                  {
                     name: "RHSA-2016:2599",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2599.html",
                  },
                  {
                     name: "DSA-3609",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3609",
                  },
                  {
                     name: "SUSE-SU-2016:0839",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html",
                  },
                  {
                     name: "20160222 [SECURITY] CVE-2016-0706 Apache Tomcat Security Manager bypass",
                     refsource: "BUGTRAQ",
                     url: "http://seclists.org/bugtraq/2016/Feb/144",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1722799",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1722799",
                  },
                  {
                     name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626",
                     refsource: "CONFIRM",
                     url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626",
                  },
                  {
                     name: "DSA-3552",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3552",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1722801",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1722801",
                  },
                  {
                     name: "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-0706",
      datePublished: "2016-02-25T01:00:00",
      dateReserved: "2015-12-16T00:00:00",
      dateUpdated: "2024-08-05T22:30:03.533Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-5174

Vulnerability from cvelistv5

Published

2016-02-25 01:00

Modified

2024-08-06 06:41

Severity ?

Summary

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.

References

▼	URL	Tags
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201705-09	vendor-advisory, x_refsource_GENTOO
	http://svn.apache.org/viewvc?view=revision&revision=1700900	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-3024-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-2045.html	vendor-advisory, x_refsource_REDHAT
	http://www.debian.org/security/2016/dsa-3530	vendor-advisory, x_refsource_DEBIAN
	http://tomcat.apache.org/security-7.html	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=145974991225029&w=2	vendor-advisory, x_refsource_HP
	http://svn.apache.org/viewvc?view=revision&revision=1696284	x_refsource_CONFIRM
	http://tomcat.apache.org/security-8.html	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2016:1434	vendor-advisory, x_refsource_REDHAT
	http://svn.apache.org/viewvc?view=revision&revision=1700898	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1035070	vdb-entry, x_refsource_SECTRACK
	https://bto.bluecoat.com/security-advisory/sa118	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2016:1433	vendor-advisory, x_refsource_REDHAT
	https://security.netapp.com/advisory/ntap-20180531-0001/	x_refsource_CONFIRM
	http://tomcat.apache.org/security-6.html	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/83329	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2016:1432	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-2599.html	vendor-advisory, x_refsource_REDHAT
	http://seclists.org/bugtraq/2016/Feb/149	mailing-list, x_refsource_BUGTRAQ
	http://www.debian.org/security/2016/dsa-3609	vendor-advisory, x_refsource_DEBIAN
	http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html	vendor-advisory, x_refsource_SUSE
	http://svn.apache.org/viewvc?view=revision&revision=1696281	x_refsource_CONFIRM
	http://svn.apache.org/viewvc?view=revision&revision=1700897	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-1435.html	vendor-advisory, x_refsource_REDHAT
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626	x_refsource_CONFIRM
	http://www.debian.org/security/2016/dsa-3552	vendor-advisory, x_refsource_DEBIAN
	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/rd4863c79bf729aabb95571fd845a9ea4ee3ae3fcee48f35aba007350%40%3Cusers.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r0b24f2c7507f702348e2c2d64e8a5de72bad6173658e8d8e45322ac2%40%3Cusers.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r15695e6203b026c9e9070ca9fa95fb17dd4cd88e5342a7dc5e1e7b85%40%3Cusers.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r409efdf706c2077ae5c37018a87da725a3ca89570a9530342cdc53e4%40%3Cusers.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r1c62634b7426bee5f553307063457b99c84af73b078ede4f2592b34e%40%3Cusers.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T06:41:07.953Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
               },
               {
                  name: "GLSA-201705-09",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201705-09",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1700900",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
               },
               {
                  name: "openSUSE-SU-2016:0865",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html",
               },
               {
                  name: "USN-3024-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3024-1",
               },
               {
                  name: "SUSE-SU-2016:0769",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html",
               },
               {
                  name: "RHSA-2016:2045",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2045.html",
               },
               {
                  name: "DSA-3530",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3530",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-7.html",
               },
               {
                  name: "HPSBUX03561",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=145974991225029&w=2",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1696284",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-8.html",
               },
               {
                  name: "RHSA-2016:1434",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1434",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1700898",
               },
               {
                  name: "1035070",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1035070",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bto.bluecoat.com/security-advisory/sa118",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442",
               },
               {
                  name: "RHSA-2016:1433",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1433",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20180531-0001/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-6.html",
               },
               {
                  name: "83329",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/83329",
               },
               {
                  name: "RHSA-2016:1432",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1432",
               },
               {
                  name: "SUSE-SU-2016:0822",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html",
               },
               {
                  name: "RHSA-2016:2599",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2599.html",
               },
               {
                  name: "20160222 [SECURITY] CVE-2015-5174 Apache Tomcat Limited Directory Traversal",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/bugtraq/2016/Feb/149",
               },
               {
                  name: "DSA-3609",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3609",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html",
               },
               {
                  name: "SUSE-SU-2016:0839",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1696281",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?view=revision&revision=1700897",
               },
               {
                  name: "RHSA-2016:1435",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1435.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626",
               },
               {
                  name: "DSA-3552",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3552",
               },
               {
                  name: "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-users] 20200130 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rd4863c79bf729aabb95571fd845a9ea4ee3ae3fcee48f35aba007350%40%3Cusers.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-users] 20200130 Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r0b24f2c7507f702348e2c2d64e8a5de72bad6173658e8d8e45322ac2%40%3Cusers.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-users] 20200131 Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r15695e6203b026c9e9070ca9fa95fb17dd4cd88e5342a7dc5e1e7b85%40%3Cusers.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-users] 20200203 Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r409efdf706c2077ae5c37018a87da725a3ca89570a9530342cdc53e4%40%3Cusers.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-users] 20200204 Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r1c62634b7426bee5f553307063457b99c84af73b078ede4f2592b34e%40%3Cusers.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-02-22T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-02-13T16:09:39",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
            },
            {
               name: "GLSA-201705-09",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201705-09",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1700900",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
            },
            {
               name: "openSUSE-SU-2016:0865",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html",
            },
            {
               name: "USN-3024-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3024-1",
            },
            {
               name: "SUSE-SU-2016:0769",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html",
            },
            {
               name: "RHSA-2016:2045",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2045.html",
            },
            {
               name: "DSA-3530",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3530",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-7.html",
            },
            {
               name: "HPSBUX03561",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=145974991225029&w=2",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1696284",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-8.html",
            },
            {
               name: "RHSA-2016:1434",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1434",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1700898",
            },
            {
               name: "1035070",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1035070",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bto.bluecoat.com/security-advisory/sa118",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442",
            },
            {
               name: "RHSA-2016:1433",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1433",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20180531-0001/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-6.html",
            },
            {
               name: "83329",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/83329",
            },
            {
               name: "RHSA-2016:1432",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1432",
            },
            {
               name: "SUSE-SU-2016:0822",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html",
            },
            {
               name: "RHSA-2016:2599",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2599.html",
            },
            {
               name: "20160222 [SECURITY] CVE-2015-5174 Apache Tomcat Limited Directory Traversal",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://seclists.org/bugtraq/2016/Feb/149",
            },
            {
               name: "DSA-3609",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3609",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html",
            },
            {
               name: "SUSE-SU-2016:0839",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1696281",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?view=revision&revision=1700897",
            },
            {
               name: "RHSA-2016:1435",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1435.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626",
            },
            {
               name: "DSA-3552",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3552",
            },
            {
               name: "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-users] 20200130 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rd4863c79bf729aabb95571fd845a9ea4ee3ae3fcee48f35aba007350%40%3Cusers.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-users] 20200130 Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r0b24f2c7507f702348e2c2d64e8a5de72bad6173658e8d8e45322ac2%40%3Cusers.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-users] 20200131 Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r15695e6203b026c9e9070ca9fa95fb17dd4cd88e5342a7dc5e1e7b85%40%3Cusers.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-users] 20200203 Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r409efdf706c2077ae5c37018a87da725a3ca89570a9530342cdc53e4%40%3Cusers.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-users] 20200204 Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r1c62634b7426bee5f553307063457b99c84af73b078ede4f2592b34e%40%3Cusers.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2015-5174",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964",
                     refsource: "CONFIRM",
                     url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
                  },
                  {
                     name: "GLSA-201705-09",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201705-09",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1700900",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1700900",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
                  },
                  {
                     name: "openSUSE-SU-2016:0865",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html",
                  },
                  {
                     name: "USN-3024-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-3024-1",
                  },
                  {
                     name: "SUSE-SU-2016:0769",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html",
                  },
                  {
                     name: "RHSA-2016:2045",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2045.html",
                  },
                  {
                     name: "DSA-3530",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3530",
                  },
                  {
                     name: "http://tomcat.apache.org/security-7.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-7.html",
                  },
                  {
                     name: "HPSBUX03561",
                     refsource: "HP",
                     url: "http://marc.info/?l=bugtraq&m=145974991225029&w=2",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1696284",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1696284",
                  },
                  {
                     name: "http://tomcat.apache.org/security-8.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-8.html",
                  },
                  {
                     name: "RHSA-2016:1434",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:1434",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1700898",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1700898",
                  },
                  {
                     name: "1035070",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1035070",
                  },
                  {
                     name: "https://bto.bluecoat.com/security-advisory/sa118",
                     refsource: "CONFIRM",
                     url: "https://bto.bluecoat.com/security-advisory/sa118",
                  },
                  {
                     name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442",
                     refsource: "CONFIRM",
                     url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442",
                  },
                  {
                     name: "RHSA-2016:1433",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:1433",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20180531-0001/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20180531-0001/",
                  },
                  {
                     name: "http://tomcat.apache.org/security-6.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-6.html",
                  },
                  {
                     name: "83329",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/83329",
                  },
                  {
                     name: "RHSA-2016:1432",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:1432",
                  },
                  {
                     name: "SUSE-SU-2016:0822",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html",
                  },
                  {
                     name: "RHSA-2016:2599",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2599.html",
                  },
                  {
                     name: "20160222 [SECURITY] CVE-2015-5174 Apache Tomcat Limited Directory Traversal",
                     refsource: "BUGTRAQ",
                     url: "http://seclists.org/bugtraq/2016/Feb/149",
                  },
                  {
                     name: "DSA-3609",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3609",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html",
                  },
                  {
                     name: "SUSE-SU-2016:0839",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1696281",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1696281",
                  },
                  {
                     name: "http://svn.apache.org/viewvc?view=revision&revision=1700897",
                     refsource: "CONFIRM",
                     url: "http://svn.apache.org/viewvc?view=revision&revision=1700897",
                  },
                  {
                     name: "RHSA-2016:1435",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-1435.html",
                  },
                  {
                     name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626",
                     refsource: "CONFIRM",
                     url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626",
                  },
                  {
                     name: "DSA-3552",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3552",
                  },
                  {
                     name: "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-users] 20200130 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/rd4863c79bf729aabb95571fd845a9ea4ee3ae3fcee48f35aba007350@%3Cusers.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-users] 20200130 Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r0b24f2c7507f702348e2c2d64e8a5de72bad6173658e8d8e45322ac2@%3Cusers.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-users] 20200131 Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r15695e6203b026c9e9070ca9fa95fb17dd4cd88e5342a7dc5e1e7b85@%3Cusers.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-users] 20200203 Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r409efdf706c2077ae5c37018a87da725a3ca89570a9530342cdc53e4@%3Cusers.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-users] 20200204 Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r1c62634b7426bee5f553307063457b99c84af73b078ede4f2592b34e@%3Cusers.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-5174",
      datePublished: "2016-02-25T01:00:00",
      dateReserved: "2015-07-01T00:00:00",
      dateUpdated: "2024-08-06T06:41:07.953Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from csaf_redhat

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature