var-201404-0585
Vulnerability from variot
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions. Apache Commons FileUpload is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause the application to enter an infinite loop which may cause denial-of-service conditions. The following products are vulnerable: Apache Commons FileUpload 1.0 through versions 1.3 Apache Tomcat 8.0.0-RC1 through versions 8.0.1 Apache Tomcat 7.0.0 through versions 7.0.50. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2015:084 http://www.mandriva.com/en/support/security/
Package : tomcat Date : March 28, 2015 Affected: Business Server 2.0
Problem Description:
Updated tomcat package fixes security vulnerabilities:
It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition (CVE-2014-0050).
Apache Tomcat 7.x before 7.0.50 allows attackers to obtain Tomcat internals information by leveraging the presence of an untrusted web application with a context.xml, web.xml, .jspx, .tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (CVE-2013-4590).
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (CVE-2014-0096).
Apache Tomcat before 6.0.40 and 7.x before 7.0.54 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or read files associated with different web applications on a single Tomcat instance via a crafted web application (CVE-2014-0119).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227 http://advisories.mageia.org/MGASA-2014-0110.html http://advisories.mageia.org/MGASA-2014-0149.html http://advisories.mageia.org/MGASA-2014-0268.html
Updated Packages:
Mandriva Business Server 2/X86_64: 58f55f0050c7ac4eb3c31308cc62d244 mbs2/x86_64/tomcat-7.0.59-1.mbs2.noarch.rpm 9c28750a8ec902d5bde42748a14d99ab mbs2/x86_64/tomcat-admin-webapps-7.0.59-1.mbs2.noarch.rpm b62639d405462dc9f28fd4afe11ddd57 mbs2/x86_64/tomcat-docs-webapp-7.0.59-1.mbs2.noarch.rpm 57b85f852426d5c7e282542165d2ea6f mbs2/x86_64/tomcat-el-2.2-api-7.0.59-1.mbs2.noarch.rpm 8410dbab11abe4f307576ecd657e427c mbs2/x86_64/tomcat-javadoc-7.0.59-1.mbs2.noarch.rpm aaffb8c0cd7d82c6dcb1b0ecc00dc7c8 mbs2/x86_64/tomcat-jsp-2.2-api-7.0.59-1.mbs2.noarch.rpm 538438ca90caa2eb6f49bca3bb6e0e2e mbs2/x86_64/tomcat-jsvc-7.0.59-1.mbs2.noarch.rpm 9a2d902c3a3e24af3f2da240c42c787f mbs2/x86_64/tomcat-lib-7.0.59-1.mbs2.noarch.rpm af5562b305ae7fd1406a9c94c9316cb5 mbs2/x86_64/tomcat-log4j-7.0.59-1.mbs2.noarch.rpm 3349a91a1667f299641e16aed4c3aadc mbs2/x86_64/tomcat-servlet-3.0-api-7.0.59-1.mbs2.noarch.rpm 4777adcbc177da7e1b8b158d6186141c mbs2/x86_64/tomcat-webapps-7.0.59-1.mbs2.noarch.rpm b832a8fcd47ae9fb696ca9424bd2a934 mbs2/SRPMS/tomcat-7.0.59-1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFVFl05mqjQ0CJFipgRAniKAKC/MpUAj48M/7CzWXB4hv87uo99lwCg4Em4 9yRzhuJFw0DWd+dOc4antEU= =SHMh -----END PGP SIGNATURE----- .
References:
- CVE-2009-5028 - Namazu Remote Denial of Service
- CVE-2011-4345 - Namazu Cross-site Scripting
- CVE-2014-0050 - Apache Commons Collection Unauthorized Disclosure of Information
- CVE-2014-4877 - GNU Wget, Unauthorized Disclosure of Information
- CVE-2015-5125 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5127 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5129 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5130 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5131 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5132 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5133 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5134 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5539 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5540 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5541 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5544 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5545 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5546 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5547 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5548 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5549 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5550 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5551 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5552 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5553 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5554 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5555 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5556 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5557 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5558 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5559 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5560 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5561 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5562 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5563 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5564 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5565 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5566 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5567 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5568 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5570 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5571 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5572 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5573 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5574 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5575 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5576 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5577 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5578 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5579 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5580 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5581 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5582 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5584 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5587 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5588 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-6420 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-6676 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-6677 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-6678 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-6679 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-6682 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-7547 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8044 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8415 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8416 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8417 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8418 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8419 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8420 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8421 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8422 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8423 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8424 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8425 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8426 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8427 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8428 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8429 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8430 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8431 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8432 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8433 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8434 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8435 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8436 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8437 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8438 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8439 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8440 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8441 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8442 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8443 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8444 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8445 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8446 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8447 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8448 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8449 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8450 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8451 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8452 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8453 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8454 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8455 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8456 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8457 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8459 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8460 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8634 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8635 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8636 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8638 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8639 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8640 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8641 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8642 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8643 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8644 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8645 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8646 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8647 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8648 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8649 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8650 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8651 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-0702 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-0705 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-0777 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-0778 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-0797 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-0799 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-1521 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-1907 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-2105 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-2106 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-2107 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-2109 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-2183 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-2842 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-3739 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4070 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4071 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4072 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4342 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4343 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4393 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4394 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4395 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4396 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4537 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4538 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4539 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4540 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4541 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4542 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4543 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-5385 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-5387 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-5388 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2017-5787 - DoS - LINUX VCRM
- CVE-2016-8517 - SIM
- CVE-2016-8516 - SIM
- CVE-2016-8518 - SIM
- CVE-2016-8513 - Cross-Site Request Forgery (CSRF) Linux VCRM
- CVE-2016-8515 - Malicious File Upload - Linux VCRM
- CVE-2016-8514 - Information Disclosure - Linux VCRM
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. ============================================================================ Ubuntu Security Notice USN-2130-1 March 06, 2014
tomcat6, tomcat7 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in Tomcat.
Software Description: - tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine
Details:
It was discovered that Tomcat incorrectly handled certain inconsistent HTTP headers. This issue only applied to Ubuntu 12.04 LTS. This issue only applied to Ubuntu 12.10 and Ubuntu 13.10. (CVE-2014-0050)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 13.10: libtomcat7-java 7.0.42-1ubuntu0.1
Ubuntu 12.10: libtomcat7-java 7.0.30-0ubuntu1.3
Ubuntu 12.04 LTS: libtomcat6-java 6.0.35-1ubuntu3.4
Ubuntu 10.04 LTS: libtomcat6-java 6.0.24-2ubuntu1.15
In general, a standard system update will make all the necessary changes. (CVE-2014-0050)
Warning: Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. The JBoss server process must be restarted for the update to take effect. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Also, back up any customized Red Hat JBoss Enterprise Application Platform 6 configuration files. On update, the configuration files that have been locally modified will not be updated. The updated version of such files will be stored as the rpmnew files. Make sure to locate any such files after the update and merge any changes manually. Bugs fixed (https://bugzilla.redhat.com/):
1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream
- Package List:
Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5 Server:
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossweb-7.3.0-2.Final_redhat_2.1.ep6.el5.src.rpm
noarch: jbossweb-7.3.0-2.Final_redhat_2.1.ep6.el5.noarch.rpm
Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6 Server:
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossweb-7.3.0-2.Final_redhat_2.1.ep6.el6.src.rpm
noarch: jbossweb-7.3.0-2.Final_redhat_2.1.ep6.el6.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: Fuse ESB Enterprise/Fuse MQ Enterprise 7.1.0 update Advisory ID: RHSA-2014:0452-01 Product: Fuse Enterprise Middleware Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0452.html Issue date: 2014-04-30 CVE Names: CVE-2013-6440 CVE-2013-7285 CVE-2014-0002 CVE-2014-0003 CVE-2014-0050 =====================================================================
- Summary:
Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P3 (Patch 3 on Rollup Patch 1), which addresses several security issues and contains multiple bug fixes, is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Description:
Fuse ESB Enterprise is an integration platform based on Apache ServiceMix. Fuse MQ Enterprise, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications.
This release of Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P3 is an update to Fuse ESB Enterprise 7.1.0 and Fuse MQ Enterprise 7.1.0. It includes various bug fixes, which are listed in the README file included with the patch files.
The following security issues are also addressed with this release:
It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code execution in the context of the server running the XStream application. (CVE-2013-7285)
It was found that the Apache Camel XSLT component allowed XSL stylesheets to call external Java methods. A remote attacker able to submit messages to a Camel route could use this flaw to perform arbitrary remote code execution in the context of the Camel server process. (CVE-2014-0003)
It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity (XXE) attacks. A remote attacker could use this flaw to read files accessible to the user running the application server and, potentially, perform other more advanced XXE attacks. (CVE-2013-6440)
It was found that the Apache Camel XSLT component would resolve entities in XML messages when transforming them using an XSLT route. A remote attacker able to submit messages to an XSLT Camel route could use this flaw to read files accessible to the user running the application server and, potentially, perform other more advanced XXE attacks. (CVE-2014-0002)
A denial of service flaw was found in the way Apache Commons FileUpload handled small-sized buffers used by MultipartStream. (CVE-2014-0050)
The CVE-2014-0002 and CVE-2014-0003 issues were discovered by David Jorm of the Red Hat Security Response Team, and the CVE-2013-6440 issue was discovered by David Illsley, Ron Gutierrez of Gotham Digital Science, and David Jorm of the Red Hat Security Response Team.
All users of Fuse ESB Enterprise/MQ Enterprise 7.1.0 as provided from the Red Hat Customer Portal are advised to upgrade to Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P3.
- Solution:
The References section of this erratum contains a download link (you must log in to download the update).
- Bugs fixed (https://bugzilla.redhat.com/):
1043332 - CVE-2013-6440 XMLTooling-J/OpenSAML Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter 1049675 - CVE-2014-0002 Camel: XML eXternal Entity (XXE) flaw in XSLT component 1049692 - CVE-2014-0003 Camel: remote code execution via XSL 1051277 - CVE-2013-7285 XStream: remote code execution due to insecure XML deserialization 1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream
- References:
https://www.redhat.com/security/data/cve/CVE-2013-6440.html https://www.redhat.com/security/data/cve/CVE-2013-7285.html https://www.redhat.com/security/data/cve/CVE-2014-0002.html https://www.redhat.com/security/data/cve/CVE-2014-0003.html https://www.redhat.com/security/data/cve/CVE-2014-0050.html https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=fuse.esb.enterprise&downloadType=securityPatches&version=7.1.0 https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=fuse.mq.enterprise&downloadType=securityPatches&version=7.1.0
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTYUouXlSAg2UNWIIRAtXhAJ4wWYfapk4Iw08GBZF04ZzzquwtUACeJyUX UK7VBUwV1N8jMgwNq3JF0xk= =M7ru -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. (CVE-2013-4286)
It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat processed chunk extensions and trailing headers in chunked requests. A remote attacker could use this flaw to send an excessively long request that, when processed by Tomcat, could consume network bandwidth, CPU, and memory on the Tomcat server. Note that chunked transfer encoding is enabled by default. (CVE-2013-4322)
It was found that previous fixes in Tomcat 6 to path parameter handling introduced a regression that caused Tomcat to not properly disable URL rewriting to track session IDs when the disableURLRewriting option was enabled. A man-in-the-middle attacker could potentially use this flaw to hijack a user's session. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324755
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05324755 Version: 1
HPSBGN03669 rev.1 - HPE SiteScope, Local Elevation of Privilege, Remote Denial of Service, Arbitrary Code Execution and Cross-Site Request Forgery
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-11-04 Last Updated: 2016-11-04
Potential Security Impact: Local: Elevation of Privilege; Remote: Arbitrary Code Execution, Cross-Site Request Forgery (CSRF), Denial of Service (DoS)
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Potential vulnerabilities have been identified in HPE SiteScope. The vulnerabilities could be exploited to allow local elevation of privilege and exploited remotely to allow denial of service, arbitrary code execution, cross-site request forgery.
References:
- CVE-2014-0114 - Apache Struts, execution of arbitrary code
- CVE-2016-0763 - Apache Tomcat, denial of service (DoS)
- CVE-2014-0107 - Apache XML Xalan, bypass expected restrictions
- CVE-2015-3253 - Apache Groovy, execution of arbitrary code
- CVE-2015-5652 - Python, elevation of privilege
- CVE-2013-6429 - Spring Framework, cross-site request forgery
- CVE-2014-0050 - Apache Commons FileUpload, denial of service (DoS)
- PSRT110264
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HP SiteScope Monitors Software Series 11.2xa11.32IP1
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2013-6429
6.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE-2014-0050
8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2014-0107
8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2014-0114
6.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2015-3253
7.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2015-5652
8.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVE-2016-0763
6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has provided a resolution via an update to HPE SiteScope. Details on the update and each vulnerability are in the KM articles below.
Note: The resolution for each vulnerability listed is to upgrade to SiteScope 11.32IP2 or an even more recent version of SiteScope if available. The SiteScope update can be can found in the personal zone in "my updates" in HPE Software Support Online: https://softwaresupport.hpe.com.
-
Apache Commons FileUpload: KM02550251 (CVE-2014-0050):
-
Apache Struts: KM02553983 (CVE-2014-0114):
-
Apache Tomcat: KM02553990 (CVE-2016-0763):
-
Apache XML Xalan: KM02553991 (CVE-2014-0107):
-
Apache Groovy: KM02553992 (CVE-2015-3253):
-
Python: KM02553997 (CVE-2015-5652):
-
Spring Framework: KM02553998 (CVE-2013-6429):
HISTORY Version:1 (rev.1) - 4 November 2016 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0585", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ucosminexus primary server base )", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "09-50" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "8.0.1" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.50" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.33" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.32" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.31" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.30" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.29" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.28" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.27" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.26" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.25" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.24" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.23" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.16" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.15" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.14" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.13" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.12" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.9" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.8" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.7" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.6" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.4" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.3" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.2" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.1" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.5" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.40" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.22" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.21" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.20" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.19" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.18" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.11" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.10" }, { "model": "commons fileupload", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "1.2.2" }, { "model": "commons fileupload", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "1.2.1" }, { "model": "commons fileupload", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "1.2" }, { "model": "commons fileupload", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "1.1.1" }, { "model": "commons fileupload", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "1.1" }, { "model": "commons fileupload", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "1.0" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus primary server base )", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server )", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "09-50" }, { "model": "retail applications", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "8.0.0" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.0" }, { "model": "retail applications", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0in" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.36" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.35" }, { "model": "retail applications", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.2" }, { "model": "retail applications", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.0" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.37" }, { "model": "retail applications", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.0" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.38" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.34" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.42" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.41" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.45" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.48" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.39" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.49" }, { "model": "commons fileupload", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "1.3" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.43" }, { "model": "retail applications", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.1" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.47" }, { "model": "retail applications", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0" }, { "model": "retail applications", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.44" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.46" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.17" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus application server )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-60" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-50-02" }, { "model": "ucosminexus service platform hp-ux", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus service platform (windows(x8", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00-03" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00-03" }, { "model": "ucosminexus service platform hp-ux", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00-02" }, { "model": "ucosminexus service platform (windows(x6", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00-02" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00-02" }, { "model": "ucosminexus service platform hp-ux", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus service architect )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus service architect )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-60" }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-50-02" }, { "model": "ucosminexus primary server base (windows(x8", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00-03" }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00-03" }, { "model": "ucosminexus primary server base hp-ux", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00-02" }, { "model": "ucosminexus primary server base (windows(x6", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00-02" }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00-02" }, { "model": "ucosminexus primary server base hp-ux", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus developer )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus developer )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server-r )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus application server-r", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus application server-r )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server-r", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server hp-ux", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus application server (windows(x8", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00-03" }, { "model": "ucosminexus application server hp-ux", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00-02" }, { "model": "ucosminexus application server (windows(x6", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00-02" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00-02" }, { "model": "ucosminexus application server hp-ux", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "programming environment for java )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-50" }, { "model": "programming environment for java )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "cosminexus component container", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-50-03" }, { "model": "cosminexus component container )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-50" }, { "model": "cosminexus component container )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "cosminexus component container window", "scope": "ne", "trust": 0.6, "vendor": "hitachi", "version": "09-50-04" }, { "model": "cosminexus component container", "scope": "ne", "trust": 0.6, "vendor": "hitachi", "version": "09-50-04" }, { "model": "vcenter server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5" }, { "model": "vcenter server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.1" }, { "model": "vcenter server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "vcenter orchestrator", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5" }, { "model": "vcenter orchestrator", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.1" }, { "model": "vcenter orchestrator", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.2" }, { "model": "vcenter operations management suite", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.8.1" }, { "model": "vcenter operations management suite", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.7.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "13.10" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.10" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux 10.04.lts", "scope": null, "trust": 0.3, "vendor": "ubuntu", "version": null }, { "model": "linux enterprise server sp3 for vmware", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux enterprise server sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "internet sales", "scope": "eq", "trust": 0.3, "vendor": "sap", "version": "7.54" }, { "model": "internet sales", "scope": "eq", "trust": 0.3, "vendor": "sap", "version": "7.33" }, { "model": "internet sales", "scope": "eq", "trust": 0.3, "vendor": "sap", "version": "7.32" }, { "model": "internet sales", "scope": "eq", "trust": 0.3, "vendor": "sap", "version": "7.31" }, { "model": "internet sales", "scope": "eq", "trust": 0.3, "vendor": "sap", "version": "7.30" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "12.3" }, { "model": "jboss operations network", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3.2.1" }, { "model": "jboss operations network", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3.2.0" }, { "model": "jboss fuse service works", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.0.0" }, { "model": "jboss fuse", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.0" }, { "model": "jboss enterprise web server el6", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.0" }, { "model": "jboss enterprise web server el5", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.0" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.2.1" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.2" }, { "model": "jboss enterprise application platform el6", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "jboss enterprise application platform el5", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "jboss brms", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.0.1" }, { "model": "jboss brms", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.0.0" }, { "model": "jboss bpms", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.0.1" }, { "model": "jboss bpms", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.0" }, { "model": "jboss a-mq", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.0.0" }, { "model": "fuse esb enterprise", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7.1.0" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux server eus 6.5.z", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.5" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "weblogic portal", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.6.0" }, { "model": "webcenter sites", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.18.0" }, { "model": "webcenter sites", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.6.2" }, { "model": "webcenter sites", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.6.1" }, { "model": "retail returns management rm2.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.4" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.3" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail returns management 12.0in", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "retail returns management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0" }, { "model": "retail open commerce platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "retail central office rm2.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.4" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.3" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail central office 12.0in", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "retail central office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0" }, { "model": "retail back office rm2.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.4" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.3" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.0" }, { "model": "retail back office 12.0in", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "retail back office", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.10" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.3.16" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.3.15" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.3.14" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.3.13" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.3" }, { "model": "health sciences empirica study", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.2.0" }, { "model": "health sciences empirica signal", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3.3.3" }, { "model": "health sciences empirica inspections", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0.1.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "endeca information discovery studio", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.2.2" }, { "model": "endeca information discovery studio", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1" }, { "model": "endeca information discovery studio", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "endeca information discovery studio", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.4" }, { "model": "endeca information discovery studio", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.3" }, { "model": "communications service broker engineered system edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.0" }, { "model": "communications service broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1" }, { "model": "communications service broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.0" }, { "model": "communications policy management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1" }, { "model": "communications policy management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.1" }, { "model": "communications policy management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.9.1" }, { "model": "communications policy management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.7.3" }, { "model": "communications online mediation controller", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1" }, { "model": "communications converged application server service controller", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.1.00.10" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.2.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.1.3" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.1.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.1.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.0.00.27" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.2" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.1" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0" }, { "model": "application express", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5" }, { "model": "application express 1.1-ea", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "websphere message broker for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "websphere message broker", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "websphere message broker", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "websphere lombardi edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0" }, { "model": "websphere lombardi edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0" }, { "model": "websphere extended deployment compute grid", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "websphere extended deployment compute", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "websphere dashboard framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "websphere business monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "web experience factory", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.0" }, { "model": "web experience factory", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "web experience factory", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1" }, { "model": "web experience factory", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "urbancode release", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1" }, { "model": "urbancode release", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1.3" }, { "model": "urbancode release", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1.2" }, { "model": "urbancode release", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1.1" }, { "model": "urbancode release", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.1" }, { "model": "urbancode release", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "urbancode deploy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.13" }, { "model": "urbancode deploy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.12" }, { "model": "urbancode deploy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.11" }, { "model": "urbancode deploy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1" }, { "model": "urbancode deploy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "tivoli storage manager operations center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1100" }, { "model": "tivoli storage manager operations center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1000" }, { "model": "tivoli storage manager operations center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.1000" }, { "model": "tivoli storage manager operations center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4100" }, { "model": "tivoli remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "tivoli endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "tivoli endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.1" }, { "model": "tivoli endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "tivoli endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "tivoli endpoint manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.1" }, { "model": "tivoli endpoint manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "tivoli endpoint manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "tivoli composite application manager for application diagnostics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "tivoli asset discovery for distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "tivoli asset discovery for distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2.0" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.21" }, { "model": "support assistant", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "storwize unified software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.40" }, { "model": "storwize unified software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.20" }, { "model": "storwize unified software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.3.2" }, { "model": "storwize unified software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.2.1" }, { "model": "storwize unified software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.2.0" }, { "model": "storwize unified software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.1.1" }, { "model": "storwize unified software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.1.0" }, { "model": "storwize unified software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.0.4" }, { "model": "storwize unified software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.2.3" }, { "model": "storwize unified software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.0.0" }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.1.7" }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.1.6" }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.1.5" }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.1.2" }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.1.0" }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.1" }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.0.6" }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.0.0" }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.0" }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.3.01" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.41" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.1" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "sametime proxy server and web client", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "sametime proxy server and web client", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "sametime meeting server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "sametime meeting server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0" }, { "model": "sametime meeting server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.1" }, { "model": "sametime meeting server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.5" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.4" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.3" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.2" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.16" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.2" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.02" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.01" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.6" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0.1" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.5" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.4" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.3" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.3" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.2" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.01" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.6" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.5" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.4" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.4" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.3" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.2" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.6" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.5" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0.1" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.5" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.4" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.3" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "rational requirements composer ifix1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.16" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.16" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.2" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.04" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.02" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.01" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.6" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.2" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0.2" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0.1" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.0.3" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "rational engineering lifecycle manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.5" }, { "model": "rational engineering lifecycle manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.4" }, { "model": "rational engineering lifecycle manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.3" }, { "model": "rational engineering lifecycle manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.6" }, { "model": "rational engineering lifecycle manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.0.1" }, { "model": "rational engineering lifecycle manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "rational doors next generation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.5" }, { "model": "rational doors next generation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.4" }, { "model": "rational doors next generation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.3" }, { "model": "rational doors next generation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.2" }, { "model": "rational doors next generation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "rational doors next generation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.6" }, { "model": "rational doors next generation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "operational decision manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.2" }, { "model": "operational decision manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "operational decision manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "operational decision manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "operational decision manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "omnifind enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "lotus widget factory", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "lotus mashups", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0.1" }, { "model": "lotus mashups", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.0.2" }, { "model": "license metric tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "license metric tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "interact", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "interact", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "integration bus for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "integration bus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "infosphere master data management server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "infosphere master data management server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.0" }, { "model": "infosphere mashuphub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "infosphere mashuphub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "infosphere guardium data redaction", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5" }, { "model": "business monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1" }, { "model": "business monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "forms server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "forms server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.02" }, { "model": "forms server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "forms server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "forms experience builder", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "forms experience builder", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "flashsystem 9848-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "flashsystem 9848-ac1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "flashsystem 9848-ac0", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "flashsystem 9846-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "flashsystem 9846-ac1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "flashsystem 9846-ac0", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "flashsystem 9840-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "flashsystem 9848-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "840" }, { "model": "flashsystem 9846-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "840" }, { "model": "flashsystem 9843-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "840" }, { "model": "flashsystem 9840-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "840" }, { "model": "flashsystem", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8400" }, { "model": "filenet services for lotus quickr", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "filenet p8 application engine", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.2" }, { "model": "filenet content manager workplace xt", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.5" }, { "model": "filenet content manager workplace xt", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.4" }, { "model": "filenet content manager workplace xt", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.3" }, { "model": "filenet content manager workplace xt", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.2" }, { "model": "filenet content manager workplace xt", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "filenet content manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.0" }, { "model": "filenet collaboration services", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.2" }, { "model": "filenet business process framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0" }, { "model": "distributed marketing", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "distributed marketing", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "distributed marketing", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "db2 query management facility for websphere fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.122" }, { "model": "db2 query management facility for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "db2 query management facility for websphere fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.11" }, { "model": "db2 query management facility for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.1" }, { "model": "db2 query management facility for websphere fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.19" }, { "model": "db2 query management facility for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "dataquant", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1" }, { "model": "dataquant", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.19" }, { "model": "content manager services for lotus quickr", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "content manager services for lotus quickr", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "content integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "content integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "content foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.0" }, { "model": "content analytics with enterprise search", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "content analytics with enterprise search", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.1" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.0" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.6" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "c\u00faram social program management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.5" }, { "model": "c\u00faram social program management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.4" }, { "model": "c\u00faram social program management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.3" }, { "model": "c\u00faram social program management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.2" }, { "model": "c\u00faram social program management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.6" }, { "model": "c\u00faram social program management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.5" }, { "model": "c\u00faram social program management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.4" }, { "model": "c\u00faram social program management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "c\u00faram social program management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "c\u00faram social program management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.5.4" }, { "model": "c\u00faram social program management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.5.3" }, { "model": "c\u00faram social program management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.5.2" }, { "model": "c\u00faram social program management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.4.5" }, { "model": "c\u00faram social program management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.4.4" }, { "model": "c\u00faram social program management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.4.3" }, { "model": "c\u00faram social program management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "business process manager standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "business process manager standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0" }, { "model": "business process manager standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "business process manager standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0" }, { "model": "business process manager express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "business process manager express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0" }, { "model": "business process manager express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "business process manager express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0" }, { "model": "business process manager advanced on z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0" }, { "model": "business process manager advanced on z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "business process manager advanced on z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0" }, { "model": "business monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "usg9580 v200r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "usg9560 v200r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "usg9520 v200r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "eudemon8000e-x8 v200r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "eudemon8000e-x3 v200r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "eudemon8000e-x16 v200r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace meeting portal v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "anyoffice v200r002c10spc500", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "antiddos v100r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "8080" }, { "model": "antiddos v100r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "8060" }, { "model": "antiddos v100r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "8030" }, { "model": "antiddos 500-d v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "antiddos v100r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "1550" }, { "model": "antiddos v100r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "1520" }, { "model": "sitescope monitors 11.32ip1", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "sitescope monitors", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "11.20" }, { "model": "sdn van controller", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.5" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "ucosminexus service platform (windows(x6", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50-01" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-60" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50-02" }, { "model": "ucosminexus service architect hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus service architect (windows(x8", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00-03" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00-03" }, { "model": "ucosminexus service architect hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00-02" }, { "model": "ucosminexus service architect (windows(x6", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00-02" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00-02" }, { "model": "ucosminexus service architect hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus primary server base (windows(x6", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50-01" }, { "model": "ucosminexus primary server base hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus developer )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0109-50" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-60" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50-02" }, { "model": "ucosminexus developer (windows(x6", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50-01" }, { "model": "ucosminexus developer hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus developer (windows(x8", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00-03" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00-03" }, { "model": "ucosminexus developer hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00-02" }, { "model": "ucosminexus developer (windows(x6", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00-02" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00-02" }, { "model": "ucosminexus developer hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-60" }, { "model": "ucosminexus application server-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50-02" }, { "model": "ucosminexus application server-r hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus application server-r (windows(x8", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00-03" }, { "model": "ucosminexus application server-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00-03" }, { "model": "ucosminexus application server-r hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00-02" }, { "model": "ucosminexus application server-r (windows(x6", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00-02" }, { "model": "ucosminexus application server-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00-02" }, { "model": "ucosminexus application server-r hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-60" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50-02" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00-03" }, { "model": "programming environment for java hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "programming environment for java", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "programming environment for java (windows(x8", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00-03" }, { "model": "programming environment for java hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00-02" }, { "model": "programming environment for java (windows(x6", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00-02" }, { "model": "programming environment for java", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00-02" }, { "model": "programming environment for java hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "programming environment for java", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "jp1/it desktop management manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-10-10-03" }, { "model": "jp1/it desktop management manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-10-10" }, { "model": "jp1/it desktop management manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-10-02-04" }, { "model": "jp1/it desktop management manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-10-02" }, { "model": "jp1/it desktop management manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-10-01-03" }, { "model": "jp1/it desktop management manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-10-01-02" }, { "model": "jp1/it desktop management manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-10-01-01" }, { "model": "jp1/it desktop management manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-10-01" }, { "model": "jp1/it desktop management manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-10-00-02" }, { "model": "jp1/it desktop management manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-10-00-01" }, { "model": "jp1/it desktop management manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-10-00" }, { "model": "jp1/it desktop management manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-09-51-05" }, { "model": "jp1/it desktop management manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-09-51-04" }, { "model": "jp1/it desktop management manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-09-51-03" }, { "model": "jp1/it desktop management manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-09-51-02" }, { "model": "jp1/it desktop management manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-09-51-01" }, { "model": "jp1/it desktop management manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-09-51" }, { "model": "jp1/it desktop management manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-09-50-03" }, { "model": "jp1/it desktop management manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-09-50-02" }, { "model": "jp1/it desktop management manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-09-50" }, { "model": "job management partner 1/it desktop management manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-10-01-06" }, { "model": "job management partner 1/it desktop management manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-10-01-03" }, { "model": "job management partner 1/it desktop management manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-10-01" }, { "model": "job management partner 1/it desktop management manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-09-50-03" }, { "model": "job management partner 1/it desktop management manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-09-50-02" }, { "model": "job management partner 1/it desktop management manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-09-50-01" }, { "model": "job management partner 1/it desktop management manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-09-50" }, { "model": "it operations director", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00-06" }, { "model": "it operations director", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00-02" }, { "model": "it operations director", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00-01" }, { "model": "it operations director", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00" }, { "model": "it operations director", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00-12" }, { "model": "it operations director", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00-11" }, { "model": "it operations director", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00-10" }, { "model": "it operations director", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00-09" }, { "model": "it operations director", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00-08" }, { "model": "it operations director", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00-07" }, { "model": "it operations director", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00-06" }, { "model": "it operations director", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00-04" }, { "model": "it operations director", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00-03" }, { "model": "it operations director", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00-01" }, { "model": "it operations director", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-00" }, { "model": "it operations director", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-50-07" }, { "model": "it operations director", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-50-06" }, { "model": "it operations director", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-50-05" }, { "model": "it operations director", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-50-04" }, { "model": "it operations director", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-50-03" }, { "model": "it operations director", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-50-02" }, { "model": "it operations director", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-50-01" }, { "model": "it operations analyzer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-02" }, { "model": "it operations analyzer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-01-02" }, { "model": "it operations analyzer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-01-01" }, { "model": "it operations analyzer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-01" }, { "model": "it operations analyzer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-53-02" }, { "model": "it operations analyzer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-53-01" }, { "model": "it operations analyzer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-53" }, { "model": "it operations analyzer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-51-01" }, { "model": "it operations analyzer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-51" }, { "model": "it operations analyzer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-01" }, { "model": "cosminexus component container hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50-03" }, { "model": "cosminexus component container (windows(x8", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50-03" }, { "model": "cosminexus component container (windows(x6", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50-03" }, { "model": "cosminexus component container hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50-01" }, { "model": "cosminexus component container", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50-01" }, { "model": "cosminexus component container", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "cosminexus component container (windows(x8", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00-10" }, { "model": "cosminexus component container (windows(x6", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00-10" }, { "model": "cosminexus component container", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00-10" }, { "model": "cosminexus component container hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00-08" }, { "model": "cosminexus component container", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00-08" }, { "model": "cosminexus component container", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00-02" }, { "model": "cosminexus component container hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00-01" }, { "model": "cosminexus component container", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "3.1.1" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "3.1" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "3.0" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.3" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip wom hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip wom hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip wom hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip wom hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip wom hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip webaccelerator hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip webaccelerator hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "big-ip webaccelerator hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip webaccelerator hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip webaccelerator hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "big-ip psm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip psm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip psm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip psm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip psm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip psm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip psm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip psm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip psm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip pem hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip ltm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip ltm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip ltm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip ltm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip ltm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip ltm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip ltm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip ltm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip ltm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip ltm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip ltm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip link controller hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip link controller hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip link controller hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip link controller hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip link controller hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip link controller hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip link controller hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip link controller hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip link controller hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip gtm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip gtm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip gtm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip gtm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip gtm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip gtm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip gtm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip gtm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip gtm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip edge gateway hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip edge gateway hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip edge gateway hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip edge gateway hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip edge gateway hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip edge gateway hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.00" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.40" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0.00" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip asm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip asm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip asm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip asm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip asm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.0" }, { "model": "big-ip apm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip apm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip apm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip apm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip apm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip apm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip analytics hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip analytics hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip analytics hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip analytics hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip analytics hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip analytics hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip analytics hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip analytics hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip analytics hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip analytics 11.0.0-hf2", "scope": null, "trust": 0.3, "vendor": "f5", "version": null }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.0" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip afm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "ip office application server sp", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.02" }, { "model": "ip office application server sp", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.01" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "6.0.2" }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "6.0.1" }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "6.3.0" }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "6.2.0" }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "6.1.3" }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "6.1.0" }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "5.0" }, { "model": "tomcat beta", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0" }, { "model": "tomcat 8.0.0-rc1", "scope": null, "trust": 0.3, "vendor": "apache", "version": null }, { "model": "tomcat beta", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.4" }, { "model": "tomcat beta", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.2" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "20" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.41" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.4" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.11" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.8.1" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.8" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.6" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.5" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.2" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.1" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.14" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.12" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.11.2" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.11.1" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.11" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.10" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.9" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.8" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.7" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.6" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.5" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.4" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.3" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.2" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.1" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.8" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.7" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.3" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.16" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.15.3" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.15.2" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.15.1" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.15" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.14.3" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.14.2" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.14.1" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.14" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.12" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.1.2" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.1.1" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.1" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3.1" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.4" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.3" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.13" }, { "model": "commons fileupload", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3" }, { "model": "vcenter server update", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "5.52" }, { "model": "vcenter operations management suite", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "5.8.2" }, { "model": "vcenter operations management suite", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "5.7.3" }, { "model": "jboss fuse", "scope": "ne", "trust": 0.3, "vendor": "redhat", "version": "6.1.0" }, { "model": "jboss a-mq", "scope": "ne", "trust": 0.3, "vendor": "redhat", "version": "6.1.0" }, { "model": "urbancode release", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.0.1.4" }, { "model": "urbancode deploy", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.0.14" }, { "model": "tivoli storage manager operations center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1200" }, { "model": "tivoli storage manager operations center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.4.2000" }, { "model": "sterling secure proxy", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.4.1.8" }, { "model": "infosphere guardium data redaction", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.5.1" }, { "model": "filenet business process framework", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.10" }, { "model": "db2 query management facility for websphere fix pack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.123" }, { "model": "db2 query management facility for websphere fix pack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "11.12" }, { "model": "db2 query management facility for websphere fix pack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.110" }, { "model": "dataquant", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.1.2" }, { "model": "dataquant", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.2.20" }, { "model": "connections cr1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "espace meeting portal v100r001c00spc303", "scope": "ne", "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "anyoffice v200r002c10l00422", "scope": "ne", "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "antiddos v100r001c00sph503", "scope": "ne", "trust": 0.3, "vendor": "huawei", "version": "8000" }, { "model": "cosminexus component container hp-ux", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "09-50-04" }, { "model": "clearpass", "scope": "ne", "trust": 0.3, "vendor": "arubanetworks", "version": "6.3.2" }, { "model": "clearpass", "scope": "ne", "trust": 0.3, "vendor": "arubanetworks", "version": "6.2.6" }, { "model": "clearpass", "scope": "ne", "trust": 0.3, "vendor": "arubanetworks", "version": "6.1.4" }, { "model": "struts", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "2.3.16.1" } ], "sources": [ { "db": "BID", "id": "65400" }, { "db": "NVD", "id": "CVE-2014-0050" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:retail_applications:12.0in:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_applications:13.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_applications:13.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_applications:13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_applications:12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_applications:14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_applications:13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_applications:13.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:commons_fileupload:1.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:commons_fileupload:1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:commons_fileupload:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:commons_fileupload:1.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:commons_fileupload:1.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:commons_fileupload:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-0050" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Hitachi Incident Response Team (HIRT) via JPCERT", "sources": [ { "db": "BID", "id": "65400" } ], "trust": 0.3 }, "cve": "CVE-2014-0050", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2014-0050", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-0050", "trust": 1.0, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2014-0050", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0050" }, { "db": "NVD", "id": "CVE-2014-0050" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop\u0027s intended exit conditions. Apache Commons FileUpload is prone to a remote denial-of-service vulnerability. \nAttackers can exploit this issue to cause the application to enter an infinite loop which may cause denial-of-service conditions. \nThe following products are vulnerable:\nApache Commons FileUpload 1.0 through versions 1.3\nApache Tomcat 8.0.0-RC1 through versions 8.0.1\nApache Tomcat 7.0.0 through versions 7.0.50. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2015:084\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : tomcat\n Date : March 28, 2015\n Affected: Business Server 2.0\n _______________________________________________________________________\n\n Problem Description:\n\n Updated tomcat package fixes security vulnerabilities:\n \n It was discovered that the Apache Commons FileUpload package for Java\n could enter an infinite loop while processing a multipart request with\n a crafted Content-Type, resulting in a denial-of-service condition\n (CVE-2014-0050). \n \n Apache Tomcat 7.x before 7.0.50 allows attackers to obtain Tomcat\n internals information by leveraging the presence of an untrusted web\n application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML\n document containing an external entity declaration in conjunction\n with an entity reference, related to an XML External Entity (XXE)\n issue (CVE-2013-4590). \n \n java/org/apache/catalina/servlets/DefaultServlet.java in the default\n servlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not\n properly restrict XSLT stylesheets, which allows remote attackers\n to bypass security-manager restrictions and read arbitrary files\n via a crafted web application that provides an XML external entity\n declaration in conjunction with an entity reference, related to an\n XML External Entity (XXE) issue (CVE-2014-0096). \n \n Apache Tomcat before 6.0.40 and 7.x before 7.0.54 does not properly\n constrain the class loader that accesses the XML parser used with\n an XSLT stylesheet, which allows remote attackers to read arbitrary\n files via a crafted web application that provides an XML external\n entity declaration in conjunction with an entity reference, related\n to an XML External Entity (XXE) issue, or read files associated with\n different web applications on a single Tomcat instance via a crafted\n web application (CVE-2014-0119). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227\n http://advisories.mageia.org/MGASA-2014-0110.html\n http://advisories.mageia.org/MGASA-2014-0149.html\n http://advisories.mageia.org/MGASA-2014-0268.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 58f55f0050c7ac4eb3c31308cc62d244 mbs2/x86_64/tomcat-7.0.59-1.mbs2.noarch.rpm\n 9c28750a8ec902d5bde42748a14d99ab mbs2/x86_64/tomcat-admin-webapps-7.0.59-1.mbs2.noarch.rpm\n b62639d405462dc9f28fd4afe11ddd57 mbs2/x86_64/tomcat-docs-webapp-7.0.59-1.mbs2.noarch.rpm\n 57b85f852426d5c7e282542165d2ea6f mbs2/x86_64/tomcat-el-2.2-api-7.0.59-1.mbs2.noarch.rpm\n 8410dbab11abe4f307576ecd657e427c mbs2/x86_64/tomcat-javadoc-7.0.59-1.mbs2.noarch.rpm\n aaffb8c0cd7d82c6dcb1b0ecc00dc7c8 mbs2/x86_64/tomcat-jsp-2.2-api-7.0.59-1.mbs2.noarch.rpm\n 538438ca90caa2eb6f49bca3bb6e0e2e mbs2/x86_64/tomcat-jsvc-7.0.59-1.mbs2.noarch.rpm\n 9a2d902c3a3e24af3f2da240c42c787f mbs2/x86_64/tomcat-lib-7.0.59-1.mbs2.noarch.rpm\n af5562b305ae7fd1406a9c94c9316cb5 mbs2/x86_64/tomcat-log4j-7.0.59-1.mbs2.noarch.rpm\n 3349a91a1667f299641e16aed4c3aadc mbs2/x86_64/tomcat-servlet-3.0-api-7.0.59-1.mbs2.noarch.rpm\n 4777adcbc177da7e1b8b158d6186141c mbs2/x86_64/tomcat-webapps-7.0.59-1.mbs2.noarch.rpm \n b832a8fcd47ae9fb696ca9424bd2a934 mbs2/SRPMS/tomcat-7.0.59-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFl05mqjQ0CJFipgRAniKAKC/MpUAj48M/7CzWXB4hv87uo99lwCg4Em4\n9yRzhuJFw0DWd+dOc4antEU=\n=SHMh\n-----END PGP SIGNATURE-----\n. \n\nReferences:\n\n - CVE-2009-5028 - Namazu Remote Denial of Service\n - CVE-2011-4345 - Namazu Cross-site Scripting\n - CVE-2014-0050 - Apache Commons Collection Unauthorized Disclosure of\nInformation\n - CVE-2014-4877 - GNU Wget, Unauthorized Disclosure of Information\n - CVE-2015-5125 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5127 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5129 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5130 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5131 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5132 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5133 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5134 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5539 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5540 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5541 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5544 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5545 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5546 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5547 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5548 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5549 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5550 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5551 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5552 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5553 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5554 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5555 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5556 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5557 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5558 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5559 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5560 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5561 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5562 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5563 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5564 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5565 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5566 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5567 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5568 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5570 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5571 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5572 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5573 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5574 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5575 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5576 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5577 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5578 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5579 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5580 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5581 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5582 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5584 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5587 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5588 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-6420 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-6676 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-6677 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-6678 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-6679 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-6682 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-7547 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8044 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8415 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8416 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8417 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8418 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8419 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8420 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8421 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8422 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8423 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8424 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8425 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8426 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8427 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8428 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8429 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8430 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8431 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8432 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8433 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8434 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8435 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8436 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8437 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8438 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8439 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8440 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8441 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8442 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8443 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8444 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8445 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8446 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8447 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8448 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8449 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8450 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8451 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8452 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8453 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8454 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8455 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8456 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8457 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8459 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8460 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8634 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8635 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8636 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8638 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8639 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8640 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8641 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8642 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8643 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8644 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8645 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8646 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8647 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8648 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8649 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8650 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8651 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-0702 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-0705 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-0777 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-0778 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-0797 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-0799 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-1521 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-1907 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-2105 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-2106 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-2107 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-2109 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-2183 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-2842 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-3739 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4070 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4071 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4072 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4342 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4343 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4393 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4394 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4395 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4396 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4537 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4538 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4539 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4540 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4541 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4542 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4543 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-5385 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-5387 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-5388 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2017-5787 - DoS - LINUX VCRM\n - CVE-2016-8517 - SIM\n - CVE-2016-8516 - SIM\n - CVE-2016-8518 - SIM\n - CVE-2016-8513 - Cross-Site Request Forgery (CSRF) Linux VCRM\n - CVE-2016-8515 - Malicious File Upload - Linux VCRM\n - CVE-2016-8514 - Information Disclosure - Linux VCRM\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. ============================================================================\nUbuntu Security Notice USN-2130-1\nMarch 06, 2014\n\ntomcat6, tomcat7 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 13.10\n- Ubuntu 12.10\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Tomcat. \n\nSoftware Description:\n- tomcat7: Servlet and JSP engine\n- tomcat6: Servlet and JSP engine\n\nDetails:\n\nIt was discovered that Tomcat incorrectly handled certain inconsistent\nHTTP headers. This issue\nonly applied to Ubuntu 12.04 LTS. This issue only applied to Ubuntu 12.10 and Ubuntu 13.10. \n(CVE-2014-0050)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 13.10:\n libtomcat7-java 7.0.42-1ubuntu0.1\n\nUbuntu 12.10:\n libtomcat7-java 7.0.30-0ubuntu1.3\n\nUbuntu 12.04 LTS:\n libtomcat6-java 6.0.35-1ubuntu3.4\n\nUbuntu 10.04 LTS:\n libtomcat6-java 6.0.24-2ubuntu1.15\n\nIn general, a standard system update will make all the necessary changes. (CVE-2014-0050)\n\nWarning: Before applying this update, back up your existing Red Hat JBoss\nEnterprise Application Platform installation and deployed applications. \nThe JBoss server process must be restarted for the update to take effect. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Also, back up any customized Red\nHat JBoss Enterprise Application Platform 6 configuration files. On update,\nthe configuration files that have been locally modified will not be\nupdated. The updated version of such files will be stored as the rpmnew\nfiles. Make sure to locate any such files after the update and merge any\nchanges manually. Bugs fixed (https://bugzilla.redhat.com/):\n\n1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream\n\n6. Package List:\n\nRed Hat JBoss Enterprise Application Platform 6.2 for RHEL 5 Server:\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/JBEAP/SRPMS/jbossweb-7.3.0-2.Final_redhat_2.1.ep6.el5.src.rpm\n\nnoarch:\njbossweb-7.3.0-2.Final_redhat_2.1.ep6.el5.noarch.rpm\n\nRed Hat JBoss Enterprise Application Platform 6.2 for RHEL 6 Server:\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossweb-7.3.0-2.Final_redhat_2.1.ep6.el6.src.rpm\n\nnoarch:\njbossweb-7.3.0-2.Final_redhat_2.1.ep6.el6.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Fuse ESB Enterprise/Fuse MQ Enterprise 7.1.0 update\nAdvisory ID: RHSA-2014:0452-01\nProduct: Fuse Enterprise Middleware\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-0452.html\nIssue date: 2014-04-30\nCVE Names: CVE-2013-6440 CVE-2013-7285 CVE-2014-0002 \n CVE-2014-0003 CVE-2014-0050 \n=====================================================================\n\n1. Summary:\n\nFuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P3 (Patch 3 on Rollup Patch 1),\nwhich addresses several security issues and contains multiple bug fixes, is\nnow available from the Red Hat Customer Portal. \n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section. \n\n2. Description:\n\nFuse ESB Enterprise is an integration platform based on Apache ServiceMix. \nFuse MQ Enterprise, based on Apache ActiveMQ, is a standards-compliant\nmessaging system that is tailored for use in mission critical applications. \n\nThis release of Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P3 is an update\nto Fuse ESB Enterprise 7.1.0 and Fuse MQ Enterprise 7.1.0. It includes\nvarious bug fixes, which are listed in the README file included with the\npatch files. \n\nThe following security issues are also addressed with this release:\n\nIt was found that XStream could deserialize arbitrary user-supplied XML\ncontent, representing objects of any type. A remote attacker able to pass\nXML to XStream could use this flaw to perform a variety of attacks,\nincluding remote code execution in the context of the server running the\nXStream application. (CVE-2013-7285)\n\nIt was found that the Apache Camel XSLT component allowed XSL stylesheets\nto call external Java methods. A remote attacker able to submit messages to\na Camel route could use this flaw to perform arbitrary remote code\nexecution in the context of the Camel server process. (CVE-2014-0003)\n\nIt was found that the ParserPool and Decrypter classes in the OpenSAML Java\nimplementation resolved external entities, permitting XML External Entity\n(XXE) attacks. A remote attacker could use this flaw to read files\naccessible to the user running the application server and, potentially,\nperform other more advanced XXE attacks. (CVE-2013-6440)\n\nIt was found that the Apache Camel XSLT component would resolve entities in\nXML messages when transforming them using an XSLT route. A remote attacker\nable to submit messages to an XSLT Camel route could use this flaw to read\nfiles accessible to the user running the application server and,\npotentially, perform other more advanced XXE attacks. (CVE-2014-0002)\n\nA denial of service flaw was found in the way Apache Commons FileUpload\nhandled small-sized buffers used by MultipartStream. (CVE-2014-0050)\n\nThe CVE-2014-0002 and CVE-2014-0003 issues were discovered by David Jorm of\nthe Red Hat Security Response Team, and the CVE-2013-6440 issue was\ndiscovered by David Illsley, Ron Gutierrez of Gotham Digital Science, and\nDavid Jorm of the Red Hat Security Response Team. \n\nAll users of Fuse ESB Enterprise/MQ Enterprise 7.1.0 as provided from the\nRed Hat Customer Portal are advised to upgrade to Fuse ESB Enterprise/MQ\nEnterprise 7.1.0 R1 P3. \n\n3. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1043332 - CVE-2013-6440 XMLTooling-J/OpenSAML Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter\n1049675 - CVE-2014-0002 Camel: XML eXternal Entity (XXE) flaw in XSLT component\n1049692 - CVE-2014-0003 Camel: remote code execution via XSL\n1051277 - CVE-2013-7285 XStream: remote code execution due to insecure XML deserialization\n1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream\n\n5. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2013-6440.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-7285.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0002.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0003.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0050.html\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=fuse.esb.enterprise\u0026downloadType=securityPatches\u0026version=7.1.0\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=fuse.mq.enterprise\u0026downloadType=securityPatches\u0026version=7.1.0\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFTYUouXlSAg2UNWIIRAtXhAJ4wWYfapk4Iw08GBZF04ZzzquwtUACeJyUX\nUK7VBUwV1N8jMgwNq3JF0xk=\n=M7ru\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nIt was found that when Tomcat processed a series of HTTP requests in which\nat least one request contained either multiple content-length headers, or\none content-length header with a chunked transfer-encoding header, Tomcat\nwould incorrectly handle the request. (CVE-2013-4286)\n\nIt was discovered that the fix for CVE-2012-3544 did not properly resolve a\ndenial of service flaw in the way Tomcat processed chunk extensions and\ntrailing headers in chunked requests. A remote attacker could use this flaw\nto send an excessively long request that, when processed by Tomcat, could\nconsume network bandwidth, CPU, and memory on the Tomcat server. Note that\nchunked transfer encoding is enabled by default. (CVE-2013-4322)\n\nIt was found that previous fixes in Tomcat 6 to path parameter handling\nintroduced a regression that caused Tomcat to not properly disable URL\nrewriting to track session IDs when the disableURLRewriting option was\nenabled. A man-in-the-middle attacker could potentially use this flaw to\nhijack a user\u0027s session. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324755\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05324755\nVersion: 1\n\nHPSBGN03669 rev.1 - HPE SiteScope, Local Elevation of Privilege, Remote\nDenial of Service, Arbitrary Code Execution and Cross-Site Request Forgery\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-11-04\nLast Updated: 2016-11-04\n\nPotential Security Impact: Local: Elevation of Privilege; Remote: Arbitrary\nCode Execution, Cross-Site Request Forgery (CSRF), Denial of Service (DoS)\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential vulnerabilities have been identified in HPE SiteScope. The\nvulnerabilities could be exploited to allow local elevation of privilege and\nexploited remotely to allow denial of service, arbitrary code execution,\ncross-site request forgery. \n\nReferences:\n\n - CVE-2014-0114 - Apache Struts, execution of arbitrary code\n - CVE-2016-0763 - Apache Tomcat, denial of service (DoS)\n - CVE-2014-0107 - Apache XML Xalan, bypass expected restrictions \n - CVE-2015-3253 - Apache Groovy, execution of arbitrary code \n - CVE-2015-5652 - Python, elevation of privilege\n - CVE-2013-6429 - Spring Framework, cross-site request forgery\n - CVE-2014-0050 - Apache Commons FileUpload, denial of service (DoS)\n - PSRT110264\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HP SiteScope Monitors Software Series 11.2xa11.32IP1\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2013-6429\n 6.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L\n 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n CVE-2014-0050\n 8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2014-0107\n 8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2014-0114\n 6.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2015-3253\n 7.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2015-5652\n 8.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\n 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)\n\n CVE-2016-0763\n 6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L\n 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has provided a resolution via an update to HPE SiteScope. Details on the\nupdate and each vulnerability are in the KM articles below. \n\n **Note:** The resolution for each vulnerability listed is to upgrade to\nSiteScope 11.32IP2 or an even more recent version of SiteScope if available. \nThe SiteScope update can be can found in the personal zone in \"my updates\" in\nHPE Software Support Online: \u003chttps://softwaresupport.hpe.com\u003e. \n\n\n * Apache Commons FileUpload: KM02550251 (CVE-2014-0050): \n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02550251\u003e\n\n\n * Apache Struts: KM02553983 (CVE-2014-0114):\n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553983\u003e\n\n\n * Apache Tomcat: KM02553990 (CVE-2016-0763):\n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553990\u003e\n\n * Apache XML Xalan: KM02553991 (CVE-2014-0107):\n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553991\u003e\n\n * Apache Groovy: KM02553992 (CVE-2015-3253):\n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553992\u003e\n\n * Python: KM02553997 (CVE-2015-5652):\n\n *\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553997\u003e\n\n * Spring Framework: KM02553998 (CVE-2013-6429):\n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553998\u003e\n\nHISTORY\nVersion:1 (rev.1) - 4 November 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners", "sources": [ { "db": "NVD", "id": "CVE-2014-0050" }, { "db": "BID", "id": "65400" }, { "db": "VULMON", "id": "CVE-2014-0050" }, { "db": "PACKETSTORM", "id": "131089" }, { "db": "PACKETSTORM", "id": "141092" }, { "db": "PACKETSTORM", "id": "125580" }, { "db": "PACKETSTORM", "id": "125562" }, { "db": "PACKETSTORM", "id": "140605" }, { "db": "PACKETSTORM", "id": "126404" }, { "db": "PACKETSTORM", "id": "126745" }, { "db": "PACKETSTORM", "id": "139721" } ], "trust": 1.98 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=31615", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0050" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0050", "trust": 2.2 }, { "db": "JVN", "id": "JVN14876762", "trust": 1.4 }, { "db": "HITACHI", "id": "HS14-015", "trust": 1.4 }, { "db": "HITACHI", "id": "HS14-017", "trust": 1.4 }, { "db": "HITACHI", "id": "HS14-016", "trust": 1.4 }, { "db": "BID", "id": "65400", "trust": 1.4 }, { "db": "SECUNIA", "id": "59232", "trust": 1.1 }, { "db": "SECUNIA", "id": "59399", "trust": 1.1 }, { "db": "SECUNIA", "id": "59185", "trust": 1.1 }, { "db": "SECUNIA", "id": "59187", "trust": 1.1 }, { "db": "SECUNIA", "id": "59039", "trust": 1.1 }, { "db": "SECUNIA", "id": "59500", "trust": 1.1 }, { "db": "SECUNIA", "id": "59184", "trust": 1.1 }, { "db": "SECUNIA", "id": "60475", "trust": 1.1 }, { "db": "SECUNIA", "id": "59041", "trust": 1.1 }, { "db": "SECUNIA", "id": "59183", "trust": 1.1 }, { "db": "SECUNIA", "id": "58075", "trust": 1.1 }, { "db": "SECUNIA", "id": "58976", "trust": 1.1 }, { "db": "SECUNIA", "id": "59492", "trust": 1.1 }, { "db": "SECUNIA", "id": "59725", "trust": 1.1 }, { "db": "SECUNIA", "id": "60753", "trust": 1.1 }, { "db": "SECUNIA", "id": "57915", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2014-000017", "trust": 1.1 }, { "db": "PACKETSTORM", "id": "127215", "trust": 1.1 }, { "db": "HITACHI", "id": "HS14-008", "trust": 0.3 }, { "db": "EXPLOIT-DB", "id": "31615", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2014-0050", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131089", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "141092", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "125580", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "125562", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140605", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126404", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126745", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "139721", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0050" }, { "db": "BID", "id": "65400" }, { "db": "PACKETSTORM", "id": "131089" }, { "db": "PACKETSTORM", "id": "141092" }, { "db": "PACKETSTORM", "id": "125580" }, { "db": "PACKETSTORM", "id": "125562" }, { "db": "PACKETSTORM", "id": "140605" }, { "db": "PACKETSTORM", "id": "126404" }, { "db": "PACKETSTORM", "id": "126745" }, { "db": "PACKETSTORM", "id": "139721" }, { "db": "NVD", "id": "CVE-2014-0050" } ] }, "id": "VAR-201404-0585", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.4072467342857143 }, "last_update_date": "2024-06-17T10:12:21.043000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Debian Security Advisories: DSA-2856-1 libcommons-fileupload-java -- denial of service", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=642945afda91c20bf7efbc771575262b" }, { "title": "Amazon Linux AMI: ALAS-2014-312", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-312" }, { "title": "Ubuntu Security Notice: tomcat6, tomcat7 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2130-1" }, { "title": "IBM: Security Bulletin: A vulnerability in Apache Commons Fileupload affects IBM Tivoli Business Service Manager (CVE-2013-2186, CVE-2013-0248, CVE-2016-3092, CVE-2014-0050, 220723)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8bc75a85691b82e540dfdc9fe13fab57" }, { "title": "Debian Security Advisories: DSA-2897-1 tomcat7 -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=2d279d06ad61c5b596d45790e28df427" }, { "title": "Debian CVElist Bug Report Logs: tomcat7: CVE-2013-2071", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=94f2b1959436d579ea8b492b708008b8" }, { "title": "Amazon Linux AMI: ALAS-2014-344", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-344" }, { "title": "Symantec Security Advisories: SA100 : Apache Tomcat Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=94a4a81a426ea8a524a402abe366c375" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585" }, { "title": "IBM: IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple security vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8580d3cd770371e2ef0f68ca624b80b0" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51" }, { "title": "IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=55ea315dfb69fce8383762ac64250315" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c" }, { "title": "", "trust": 0.1, "url": "https://github.com/shiverino/npe2223 " }, { "title": "cve-2014-0050", "trust": 0.1, "url": "https://github.com/jrrdev/cve-2014-0050 " }, { "title": "victims-version-search", "trust": 0.1, "url": "https://github.com/adedov/victims-version-search " }, { "title": "-maven-security-versions", "trust": 0.1, "url": "https://github.com/nagauker/-maven-security-versions " }, { "title": "maven-security-versions-Travis", "trust": 0.1, "url": "https://github.com/klee94/maven-security-versions-travis " }, { "title": "victims", "trust": 0.1, "url": "https://github.com/alexsh88/victims " }, { "title": "victims", "trust": 0.1, "url": "https://github.com/tmpgit3000/victims " }, { "title": "maven-security-versions", "trust": 0.1, "url": "https://github.com/victims/maven-security-versions " }, { "title": "CDL", "trust": 0.1, "url": "https://github.com/ncsu-dance-research-group/cdl " }, { "title": "Classified-Distributed-Learning-for-Detecting-Security-Attacks-in-Containerized-Applications", "trust": 0.1, "url": "https://github.com/yuhang-lin/classified-distributed-learning-for-detecting-security-attacks-in-containerized-applications " }, { "title": "Threatpost", "trust": 0.1, "url": "https://threatpost.com/vmware-patches-apache-struts-flaws-in-vcops/106858/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0050" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-264", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2014-0050" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.5, "url": "http://rhn.redhat.com/errata/rhsa-2014-0253.html" }, { "trust": 1.4, "url": "http://jvn.jp/en/jp/jvn14876762/index.html" }, { "trust": 1.4, "url": "http://rhn.redhat.com/errata/rhsa-2014-0400.html" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676410" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676401" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677724" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675432" }, { "trust": 1.4, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-016/index.html" }, { "trust": 1.4, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-017/index.html" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676403" }, { "trust": 1.4, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-015/index.html" }, { "trust": 1.4, "url": "http://www.vmware.com/security/advisories/vmsa-2014-0007.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "trust": 1.4, "url": "http://www.vmware.com/security/advisories/vmsa-2014-0008.html" }, { "trust": 1.4, "url": "http://rhn.redhat.com/errata/rhsa-2014-0252.html" }, { "trust": 1.2, "url": "http://advisories.mageia.org/mgasa-2014-0110.html" }, { "trust": 1.2, "url": "http://www.ubuntu.com/usn/usn-2130-1" }, { "trust": 1.1, "url": "http://tomcat.apache.org/security-8.html" }, { "trust": 1.1, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062337" }, { "trust": 1.1, "url": "http://jvndb.jvn.jp/jvndb/jvndb-2014-000017" }, { "trust": 1.1, "url": "http://svn.apache.org/r1565143" }, { "trust": 1.1, "url": "http://tomcat.apache.org/security-7.html" }, { "trust": 1.1, "url": "http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/57915" }, { "trust": 1.1, "url": "http://secunia.com/advisories/58976" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59232" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59183" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59500" }, { "trust": 1.1, "url": "http://secunia.com/advisories/58075" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676853" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59187" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59041" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59185" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59492" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/65400" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59039" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59725" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59399" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676656" }, { "trust": 1.1, "url": "http://packetstormsecurity.com/files/127215/vmware-security-advisory-2014-0007.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59184" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676405" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "trust": 1.1, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60475" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60753" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677691" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681214" }, { "trust": 1.1, "url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html" }, { "trust": 1.1, "url": "http://seclists.org/fulldisclosure/2014/dec/23" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:084" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=143136844732487\u0026w=2" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05324755" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05376917" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.1, "url": "http://www.debian.org/security/2014/dsa-2856" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/532549/100/0/threaded" }, { "trust": 1.1, "url": "https://security.gentoo.org/glsa/202107-39" }, { "trust": 1.1, "url": "http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3c52f373fc.9030907%40apache.org%3e" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0050" }, { "trust": 0.4, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05324755" }, { "trust": 0.4, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05376917" }, { "trust": 0.4, "url": "https://rhn.redhat.com/errata/rhsa-2014-0528.html" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100179973" }, { "trust": 0.3, "url": "http://seclists.org/fulldisclosure/2014/feb/41" }, { "trust": 0.3, "url": "http://www.apache.org/" }, { "trust": 0.3, "url": "http://struts.apache.org/release/2.3.x/docs/s2-020.html" }, { "trust": 0.3, "url": "http://www.arubanetworks.com/support/alerts/aid-051414.asc" }, { "trust": 0.3, "url": "http://tomcat.apache.org/" }, { "trust": 0.3, "url": "http://commons.apache.org/proper/commons-fileupload//" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668731" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15189.html" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004740" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2014/jun/151" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2014-0401.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680564" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100178813" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2014-0373.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682645" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21669383" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675470" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21671261" }, { "trust": 0.3, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-008/index.html" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04657823" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680714" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669021" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037189" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671330" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673004" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678830" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2014-0459.html" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2014-0525.html" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2014-0526.html" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2014-0527.html" }, { "trust": 0.3, "url": "https://launchpad.support.sap.com/#/notes/2629535" }, { "trust": 0.3, "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=497256000" }, { "trust": 0.3, "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=495289255" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2014-0429.html" }, { "trust": 0.3, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-350733.htm" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676853" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678364" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678373" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21684861" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21684286" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21672321" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678359" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21681214,swg21680564" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670373" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670400" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21682055" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004813" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688411" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670769" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21680366" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671527" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21666799" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674439" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673701" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672717" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667254" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676092" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676091" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21673260" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673682" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673581" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004858" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004859" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672032" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669020" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21671201" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671653" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004819" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668978" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671684" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4322" }, { "trust": 0.3, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.3, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499" }, { "trust": 0.3, "url": "https://www.hpe.com/info/report-security-vulnerability" }, { "trust": 0.3, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2014-0050.html" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4877" }, { "trust": 0.2, "url": "https://h20392.www2.hpe.com/portal/swdepot/displayproductinfo.do?productnumb" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0033" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4286" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/264.html" }, { "trust": 0.1, "url": "https://github.com/shiverino/npe2223" }, { "trust": 0.1, "url": "https://github.com/jrrdev/cve-2014-0050" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.exploit-db.com/exploits/31615/" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=32760" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2130-1/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4322" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0075" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0099" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0227" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0050" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0119" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0119" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0096" }, { "trust": 0.1, "url": "http://advisories.mageia.org/mgasa-2014-0149.html" }, { "trust": 0.1, "url": "http://advisories.mageia.org/mgasa-2014-0268.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0075" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4590" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4590" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0099" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0096" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0227" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05356363\u003e" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5540" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5134" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5550" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4345" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05320149\u003e" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5553" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5132" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5556" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05356388\u003e" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5545" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5554" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5131" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5129" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5539" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5555" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5133" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5546" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5551" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5544" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5127" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5552" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5547" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-5028" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5130" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5541" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05376917\u003e" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05390722" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5125" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/tomcat7/7.0.30-0ubuntu1.3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/tomcat7/7.0.42-1ubuntu0.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/tomcat6/6.0.24-2ubuntu1.15" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/tomcat6/6.0.35-1ubuntu3.4" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.1, "url": "https://access.redhat.com/site/articles/11258" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6420" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0002" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-7285.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0003" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=fuse.mq.enterprise\u0026downloadtype=securitypatches\u0026version=7.1.0" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0002.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7285" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=fuse.esb.enterprise\u0026downloadtype=securitypatches\u0026version=7.1.0" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2014-0452.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-6440.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0003.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6440" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=2.0.1" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-4286.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-4322.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0033.html" }, { "trust": 0.1, "url": "https://softwaresupport.hpe.com\u003e." }, { "trust": 0.1, "url": "https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0114" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0763" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3253" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0107" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6429" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5652" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0050" }, { "db": "BID", "id": "65400" }, { "db": "PACKETSTORM", "id": "131089" }, { "db": "PACKETSTORM", "id": "141092" }, { "db": "PACKETSTORM", "id": "125580" }, { "db": "PACKETSTORM", "id": "125562" }, { "db": "PACKETSTORM", "id": "140605" }, { "db": "PACKETSTORM", "id": "126404" }, { "db": "PACKETSTORM", "id": "126745" }, { "db": "PACKETSTORM", "id": "139721" }, { "db": "NVD", "id": "CVE-2014-0050" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2014-0050" }, { "db": "BID", "id": "65400" }, { "db": "PACKETSTORM", "id": "131089" }, { "db": "PACKETSTORM", "id": "141092" }, { "db": "PACKETSTORM", "id": "125580" }, { "db": "PACKETSTORM", "id": "125562" }, { "db": "PACKETSTORM", "id": "140605" }, { "db": "PACKETSTORM", "id": "126404" }, { "db": "PACKETSTORM", "id": "126745" }, { "db": "PACKETSTORM", "id": "139721" }, { "db": "NVD", "id": "CVE-2014-0050" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-04-01T00:00:00", "db": "VULMON", "id": "CVE-2014-0050" }, { "date": "2014-02-06T00:00:00", "db": "BID", "id": "65400" }, { "date": "2015-03-30T21:20:12", "db": "PACKETSTORM", "id": "131089" }, { "date": "2017-02-15T00:39:05", "db": "PACKETSTORM", "id": "141092" }, { "date": "2014-03-06T21:44:49", "db": "PACKETSTORM", "id": "125580" }, { "date": "2014-03-06T02:48:19", "db": "PACKETSTORM", "id": "125562" }, { "date": "2017-01-19T13:56:50", "db": "PACKETSTORM", "id": "140605" }, { "date": "2014-05-01T02:11:10", "db": "PACKETSTORM", "id": "126404" }, { "date": "2014-05-22T01:42:58", "db": "PACKETSTORM", "id": "126745" }, { "date": "2016-11-15T00:42:48", "db": "PACKETSTORM", "id": "139721" }, { "date": "2014-04-01T06:27:51.373000", "db": "NVD", "id": "CVE-2014-0050" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2014-0050" }, { "date": "2018-07-12T06:00:00", "db": "BID", "id": "65400" }, { "date": "2023-11-07T02:18:06.260000", "db": "NVD", "id": "CVE-2014-0050" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "141092" }, { "db": "PACKETSTORM", "id": "125580" }, { "db": "PACKETSTORM", "id": "125562" }, { "db": "PACKETSTORM", "id": "126745" } ], "trust": 0.4 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability", "sources": [ { "db": "BID", "id": "65400" } ], "trust": 0.3 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Failure to Handle Exceptional Conditions", "sources": [ { "db": "BID", "id": "65400" } ], "trust": 0.3 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.