var-201607-0321
Vulnerability from variot
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string. Apache Commons FileUpload is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause the application to become unresponsive; resulting in a denial-of-service condition. Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
Security Fix(es):
-
It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation. (CVE-2016-1240)
-
It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. (CVE-2016-6325)
-
The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance. (CVE-2016-3092)
-
It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)
-
A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)
-
The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-5018)
-
It was discovered that when a SecurityManager is configured Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)
-
It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server. (JIRA#JWS-267)
Users of Red Hat JBoss Web Server are advised to upgrade to these updated packages, which add this enhancement. Solution:
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). JIRA issues fixed (https://issues.jboss.org/):
JWS-267 - RHEL 6 Errata JIRA
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324759
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05324759 Version: 3
HPSBUX03665 rev.3 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS), URL Redirection
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-12-01 Last Updated: 2016-11-30
Potential Security Impact: Remote: Denial of Service (DoS), URL Redirection
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in the HP-UX Tomcat-based Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or URL Redirection.
References:
- CVE-2016-3092 - Apache Tomcat, Remote Denial of Service (DoS)
- CVE-2016-5388 - Apache Tomcat, Remote URL Redirection
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HP-UX Tomcat-based Servlet v.7.x Engine B.11.31 - Tomcat 7 prior to D.7.0.70.01
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2016-3092
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVE-2016-5388
8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has provided the following software update to resolve the vulnerabilities in HP-UX Apache Tomcat 7 Servlet Engine:
-
Tomcat 7.0.70.01 for HP-UX Release B.11.31 (IPF and PA-RISC)
- 64 bit Depot: HP_UX_11.31_HPUXWS24ATW-B501-11-31-64.depot
- 32 bit Depot: HP_UX_11.31_HPUXWS24ATW-B501-11-31-32.depot
-
Note: The depot file can be found here:
+ https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb r=HPUXWSATW501
-
Tomcat 7.0.70.01 for Apache 2.2:
-
Install the depot via the link provided and then follow these steps to enable Tomcat 7.0.70.01 for Apache 2.2:
1.Run aswremovea to remove the previously installed Tomcat (if any)
2.rm arf /opt/hpws22/tomcat
3.Create the link using ln -s /opt/hpws24/tomcat /opt/hpws22/tomcat
-
MANUAL ACTIONS: Yes - Update
Download and install the software update
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HPE and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see:
* https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb r=B6834AA
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.31 IA/PA
===================
hpuxws22TOMCAT.TOMCAT
hpuxws22TOMCAT.TOMCAT2
action: install revision D.7.0.70.01 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 4 November 2016 Initial release
Version:2 (rev.2) - 8 November 2016 Removed extraneous text from background section
Version:3 (rev.3) - 1 December 2016 Details added to enable Tomcat 7.0.70.01 for Apache 2.2, removed PSRT numbers, simplified title
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. It includes bug fixes and enhancements. The JBoss server process must be restarted for the update to take effect. (CVE-2016-3092)
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: tomcat security, bug fix, and enhancement update Advisory ID: RHSA-2016:2599-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2599.html Issue date: 2016-11-03 CVE Names: CVE-2015-5174 CVE-2015-5345 CVE-2015-5351 CVE-2016-0706 CVE-2016-0714 CVE-2016-0763 CVE-2016-3092 =====================================================================
- Summary:
An update for tomcat is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch Red Hat Enterprise Linux Client Optional (v. 7) - noarch Red Hat Enterprise Linux ComputeNode (v. 7) - noarch Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Enterprise Linux Server Optional (v. 7) - noarch Red Hat Enterprise Linux Workstation (v. 7) - noarch Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch
- Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
The following packages have been upgraded to a newer upstream version: tomcat (7.0.69). (BZ#1287928)
Security Fix(es):
-
A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351)
-
It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)
-
A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763)
-
A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)
-
A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call. (CVE-2015-5174)
-
It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345)
-
It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706)
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1133070 - Need to include full implementation of tomcat-juli.jar and tomcat-juli-adapters.jar 1201409 - Fix the broken tomcat-jsvc service unit 1208402 - Mark web.xml in tomcat-admin-webapps as config file 1221896 - tomcat.service loads /etc/sysconfig/tomcat without shell expansion 1229476 - Tomcat startup ONLY options 1240279 - The command tomcat-digest doesn't work with RHEL 7 1265698 - CVE-2015-5174 tomcat: URL Normalization issue 1277197 - tomcat user has non-existing default shell set 1287928 - Rebase tomcat to 7.0.69 or backport features 1311076 - CVE-2015-5351 tomcat: CSRF token leak 1311082 - CVE-2016-0714 tomcat: Security Manager bypass via persistence mechanisms 1311087 - CVE-2016-0706 tomcat: security manager bypass via StatusManagerServlet 1311089 - CVE-2015-5345 tomcat: directory disclosure 1311093 - CVE-2016-0763 tomcat: security manager bypass via setGlobalContext() 1311622 - Getting NoSuchElementException while handling attributes with empty string value in tomcat 7.0.54 1320853 - Add HSTS support 1327326 - rpm -V tomcat fails on /var/log/tomcat/catalina.out 1347774 - The security manager doesn't work correctly (JSPs cannot be compiled) 1347860 - The systemd service unit does not allow tomcat to shut down gracefully 1349468 - CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: tomcat-7.0.69-10.el7.src.rpm
noarch: tomcat-servlet-3.0-api-7.0.69-10.el7.noarch.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch: tomcat-7.0.69-10.el7.noarch.rpm tomcat-admin-webapps-7.0.69-10.el7.noarch.rpm tomcat-docs-webapp-7.0.69-10.el7.noarch.rpm tomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm tomcat-javadoc-7.0.69-10.el7.noarch.rpm tomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm tomcat-jsvc-7.0.69-10.el7.noarch.rpm tomcat-lib-7.0.69-10.el7.noarch.rpm tomcat-webapps-7.0.69-10.el7.noarch.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: tomcat-7.0.69-10.el7.src.rpm
noarch: tomcat-servlet-3.0-api-7.0.69-10.el7.noarch.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: tomcat-7.0.69-10.el7.noarch.rpm tomcat-admin-webapps-7.0.69-10.el7.noarch.rpm tomcat-docs-webapp-7.0.69-10.el7.noarch.rpm tomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm tomcat-javadoc-7.0.69-10.el7.noarch.rpm tomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm tomcat-jsvc-7.0.69-10.el7.noarch.rpm tomcat-lib-7.0.69-10.el7.noarch.rpm tomcat-webapps-7.0.69-10.el7.noarch.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: tomcat-7.0.69-10.el7.src.rpm
noarch: tomcat-7.0.69-10.el7.noarch.rpm tomcat-admin-webapps-7.0.69-10.el7.noarch.rpm tomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm tomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm tomcat-lib-7.0.69-10.el7.noarch.rpm tomcat-servlet-3.0-api-7.0.69-10.el7.noarch.rpm tomcat-webapps-7.0.69-10.el7.noarch.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch: tomcat-7.0.69-10.el7.noarch.rpm tomcat-admin-webapps-7.0.69-10.el7.noarch.rpm tomcat-docs-webapp-7.0.69-10.el7.noarch.rpm tomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm tomcat-javadoc-7.0.69-10.el7.noarch.rpm tomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm tomcat-jsvc-7.0.69-10.el7.noarch.rpm tomcat-lib-7.0.69-10.el7.noarch.rpm tomcat-webapps-7.0.69-10.el7.noarch.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: tomcat-7.0.69-10.el7.src.rpm
noarch: tomcat-7.0.69-10.el7.noarch.rpm tomcat-admin-webapps-7.0.69-10.el7.noarch.rpm tomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm tomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm tomcat-lib-7.0.69-10.el7.noarch.rpm tomcat-servlet-3.0-api-7.0.69-10.el7.noarch.rpm tomcat-webapps-7.0.69-10.el7.noarch.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch: tomcat-docs-webapp-7.0.69-10.el7.noarch.rpm tomcat-javadoc-7.0.69-10.el7.noarch.rpm tomcat-jsvc-7.0.69-10.el7.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-5174 https://access.redhat.com/security/cve/CVE-2015-5345 https://access.redhat.com/security/cve/CVE-2015-5351 https://access.redhat.com/security/cve/CVE-2016-0706 https://access.redhat.com/security/cve/CVE-2016-0714 https://access.redhat.com/security/cve/CVE-2016-0763 https://access.redhat.com/security/cve/CVE-2016-3092 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFYGv0mXlSAg2UNWIIRAq74AJ9mIwnepxw2jbrHnfK3Gkc+N7uMIACfXM+E 5lVH/+qu5TZIB819MY4FTO0= =u+za -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . It contains security fixes for the Tomcat 7 component. Only users of the Tomcat 7 component in JBoss Web Server need to apply the fixes delivered in this release. (CVE-2016-3092)
-
A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2016-0706)
The References section of this erratum contains a download link (you must log in to download the update). References:
https://access.redhat.com/security/cve/CVE-2015-5346 https://access.redhat.com/security/cve/CVE-2015-5351 https://access.redhat.com/security/cve/CVE-2016-0706 https://access.redhat.com/security/cve/CVE-2016-0714 https://access.redhat.com/security/cve/CVE-2016-0763 https://access.redhat.com/security/cve/CVE-2016-3092 Security Impact: https://access.redhat.com/security/updates/classification/#important Download: https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver&downloadType=distributions&version=2.1.2
- ========================================================================== Ubuntu Security Notice USN-3024-1 July 05, 2016
tomcat6, tomcat7 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Tomcat. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5174)
It was discovered that the Tomcat mapper component incorrectly handled redirects. A remote attacker could use this issue to determine the existence of a directory. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. A remote attacker could possibly use this issue to hijack web sessions. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. A remote attacker could possibly use this issue to bypass CSRF protection mechanisms. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5351)
It was discovered that Tomcat did not place StatusManagerServlet on the RestrictedServlets list. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0706)
It was discovered that the Tomcat session-persistence implementation incorrectly handled session attributes. A remote attacker could possibly use this issue to execute arbitrary code in a privileged context. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0714)
It was discovered that the Tomcat setGlobalContext method incorrectly checked if callers were authorized. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0763)
It was discovered that the Tomcat Fileupload library incorrectly handled certain upload requests. (CVE-2016-3092)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: libtomcat7-java 7.0.68-1ubuntu0.1
Ubuntu 15.10: libtomcat7-java 7.0.64-1ubuntu0.3
Ubuntu 14.04 LTS: libtomcat7-java 7.0.52-1ubuntu0.6
Ubuntu 12.04 LTS: libtomcat6-java 6.0.35-1ubuntu3.7
In general, a standard system update will make all the necessary changes
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0321", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.14" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.69" }, { "model": "icewall identity manager", "scope": "eq", "trust": 1.3, "vendor": "hp", "version": "5.0" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.11" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.67" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "8.0.27" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.23" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.5" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.25" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.10" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "8.5.0" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "8.0.3" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.40" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "8.0.35" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "8.0.30" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.39" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.22" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.35" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.12" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.16" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "8.0.1" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.47" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.1" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "8.0.8" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.42" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "8.0.33" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.54" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.50" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.55" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.21" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.26" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.28" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.4" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.68" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "8.0.15" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.34" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.57" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.19" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.53" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.32" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.65" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "8.5.2" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "8.0.17" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.20" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.8" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.33" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "8.0.5" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.59" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.30" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.6" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.27" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.29" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.2" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "8.0.32" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.41" }, { "model": "tomcat", "scope": "eq", "trust": 1.3, "vendor": "apache", "version": "7.0.37" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "12.04" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "8.0.24" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.61" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.62" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "8.0.20" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.52" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "8.0.18" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "8.0.21" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "15.10" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.56" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "8.0.11" }, { "model": "icewall sso agent option", "scope": "eq", "trust": 1.0, "vendor": "hp", "version": "10.0" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "8.0.28" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "8.0.0" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "8.0.12" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "8.0.22" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "8.0.23" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "16.04" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "8.0.26" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "9.0.0" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.0" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "8.0.14" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.63" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "8.0.29" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.64" }, { "model": "commons fileupload", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "1.3.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.10" }, { "model": "jg748aae hp imc ent sw plat w/ nodes e-ltu", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "500" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.17" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.12" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.0.3.0" }, { "model": "interact", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "marketing operations", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2.1" }, { "model": "webcenter sites", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.2.0" }, { "model": "jg550aae hp pmm to imc bsc wlm upgr w/150ap e-ltu", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.6" }, { "model": "interact", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.36" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.9" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.029" }, { "model": "commons fileupload", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "1.3.2" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.7" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.10" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.1" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "knowledge", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.6.0" }, { "model": "websphere application server liberty profile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.5" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "tivoli monitoring fp4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3" }, { "model": "control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.1" }, { "model": "case manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1.5" }, { "model": "algo one algo risk application", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.45" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0" }, { "model": "web experience factory", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "utilities work and asset management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.9.1.2.11" }, { "model": "websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.0" }, { "model": "tivoli monitoring fp6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.0.1.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.4" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "8.0.34" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.9" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "jd814a hp a-imc enterprise edition software dvd media", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "commons fileupload", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.2.2" }, { "model": "mysql enterprise backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.10.1" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.48" }, { "model": "healthcare master person index", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0" }, { "model": "web experience factory", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "webcenter sites", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.18.0" }, { "model": "infosphere metadata asset manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.2" }, { "model": "forms server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "bluemix liberty for java", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.11" }, { "model": "bluemix liberty for java", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.11" }, { "model": "marketing operations", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.6.8003" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.10" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.2" }, { "model": "interact", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "marketing operations", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "jf378aae hp imc ent s/w pltfrm w/200-node e-ltu", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.31" }, { "model": "healthcare master person index", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.1.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.27" }, { "model": "tomcat 9.0.0.m1", "scope": null, "trust": 0.3, "vendor": "apache", "version": null }, { "model": "knowledge", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.5.1.7" }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.8" }, { "model": "jd808a hp imc ent platform w/100-node license", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.0" }, { "model": "rational directory server ifix9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "jd816a hp a-imc standard edition software dvd media", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.10" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.43" }, { "model": "websphere service registry and repository", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "control center 6.1.0.0ifix02", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.3" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "algo one algo risk application", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.9.1" }, { "model": "websphere lombardi edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2.3" }, { "model": "jg768aae hp pcm+ to imc std upg w/ 200-node e-ltu", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.1.0" }, { "model": "forms server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.2.0.0.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.23" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.15" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.7" }, { "model": "jg660aae hp imc smart connect w/wlm vae e-ltu", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.44" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.15" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2.2" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.31" }, { "model": "web experience factory", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.01" }, { "model": "healthcare master person index", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0" }, { "model": "b2b advanced communications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.0.2" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.14" }, { "model": "jd815a hp imc std platform w/100-node license", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "support assistant team server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.3" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.24" }, { "model": "sterling secure proxy ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.2.04" }, { "model": "websphere dashboard framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1" }, { "model": "bigfix remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "infosphere information server blueprint director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.12" }, { "model": "sterling secure proxy ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.2.06" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.0.3.0" }, { "model": "web experience factory", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "websphere application server liberty profil", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "control center ifix08", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.2.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.9" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.13" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.11" }, { "model": "commons-fileupload library", "scope": "eq", "trust": 0.3, "vendor": "jenkins ci", "version": "0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.8" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.8" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1.0.0" }, { "model": "distributed marketing", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "bluemix liberty for java", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.7" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.6" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.6.1.0" }, { "model": "bluemix liberty for java", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.6" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.4" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "bluemix liberty for java", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.8" }, { "model": "control center ifix01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.0" }, { "model": "algo credit administrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.9" }, { "model": "distributed marketing", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "infosphere information server business glossary", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.2" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3" }, { "model": "case manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.3" }, { "model": "websphere lombardi edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "bigfix remote control", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.1.3" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.3" }, { "model": "control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.0" }, { "model": "tomcat 8.0.0-rc3", "scope": null, "trust": 0.3, "vendor": "apache", "version": null }, { "model": "tomcat 8.0.0-rc6", "scope": null, "trust": 0.3, "vendor": "apache", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.7" }, { "model": "bluemix liberty for java", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.1" }, { "model": "sterling secure proxy ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.2.07" }, { "model": "interact", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "multi-enterprise integration gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "distributed marketing", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "integration bus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.0.1.0" }, { "model": "infosphere qualitystage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "jf289aae hp enterprise management system to intelligent manageme", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.11" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "8.0.9" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.49" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "bluemix liberty for java", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3" }, { "model": "jf378a hp imc ent s/w platform w/200-node lic", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "case manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.0.0" }, { "model": "tivoli monitoring fp5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.3" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.9" }, { "model": "tivoli monitoring fp9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.2" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "infosphere metadata asset manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.19" }, { "model": "bluemix liberty for java", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.25" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.0.2.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.6.0.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.0" }, { "model": "mysql enterprise backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.10" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.7.1" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "8.0" }, { "model": "distributed marketing", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "knowledge", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.6.1" }, { "model": "control center ifix05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.2.1" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.0" }, { "model": "infosphere information server blueprint director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "jg546aae hp imc basic sw platform w/50-node e-ltu", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.5.7958" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.5" }, { "model": "marketing operations", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "tomcat", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "7.0.70" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "case manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.0.4" }, { "model": "case manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.41" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.38" }, { "model": "marketing operations", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.4" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.22" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.10" }, { "model": "tivoli storage manager for virtual environments", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2.1" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.2" }, { "model": "atlas ediscovery process management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.3.3" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "algo one algo risk application", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "control center ifix05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.1" }, { "model": "communications service broker engineered system edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.3" }, { "model": "sterling secure proxy ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.2.08" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.4" }, { "model": "tomcat rc5", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "8.0.0" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.1182" }, { "model": "jd125a hp imc std s/w platform w/100-node", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "infosphere information server business glossary", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "algo credit manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.0" }, { "model": "tomcat 9.0.0m8", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": null }, { "model": "multi-enterprise integration gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.0.1" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.4.7895" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.8" }, { "model": "websphere application server full profile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "marketing operations", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.2" }, { "model": "marketing operations", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.02" }, { "model": "control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "algo one", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0" }, { "model": "jg549aae hp pcm+ to imc std upgr w/200-node e-ltu", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "enterprise content management system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.6" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.32" }, { "model": "healthcare master person index", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.1.0" }, { "model": "bluemix liberty for java", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.9" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "infosphere qualitystage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.3" }, { "model": "mysql enterprise backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.12.2" }, { "model": "tivoli monitoring fp7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.3.2.1162" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.1" }, { "model": "commons fileupload", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.2.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.16" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.39" }, { "model": "enterprise content management system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "tomcat 9.0.0.m2", "scope": null, "trust": 0.3, "vendor": "apache", "version": null }, { "model": "infosphere metadata asset manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "websphere service registry and repository", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "b2b advanced communications 1.0.0.5 1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "algo credit limits", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.7.0" }, { "model": "websphere application server full profile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.2" }, { "model": "support assistant team server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "websphere message broker", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.0.2.0" }, { "model": "bluemix liberty for java", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.9" }, { "model": "b2b advanced communications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.0.5" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1" }, { "model": "disposal and governance management for it", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.3.3" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2.4" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.37" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.13" }, { "model": "infosphere information governance catalog", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.5" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1.1" }, { "model": "solaris sru11.6", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "11.3" }, { "model": "tomcat 9.0.0m6", "scope": null, "trust": 0.3, "vendor": "apache", "version": null }, { "model": "websphere application server hypervisor edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "commons fileupload", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3" }, { "model": "infosphere metadata workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "case manager", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.11" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.5.1" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.4.1102" }, { "model": "knowledge", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.5.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.2" }, { "model": "jg747aae hp imc std sw plat w/ nodes e-ltu", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "500" }, { "model": "jg548aae hp pcm+ to imc bsc upgr w/50-node e-ltu", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "tomcat 9.0.0.m3", "scope": null, "trust": 0.3, "vendor": "apache", "version": null }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.3.7856" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.7" }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.9" }, { "model": "sterling secure proxy ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.2.05" }, { "model": "tivoli storage manager for virtual environments", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.6.0.0" }, { "model": "tomcat 9.0.0.m5", "scope": null, "trust": 0.3, "vendor": "apache", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.5" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.1" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.0.1.0" }, { "model": "bluemix liberty for java", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5" }, { "model": "tomcat rc10", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "8.0.0" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.03" }, { "model": "tivoli storage manager for virtual environments", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.10" }, { "model": "tivoli enterprise portal server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "global retention policy and schedule management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.3.3" }, { "model": "tomcat", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "8.0.36" }, { "model": "control center ifix04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.1" }, { "model": "web experience factory", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.03" }, { "model": "distributed marketing", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.1.3" }, { "model": "case manager", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "forms server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.3.0.1098" }, { "model": "bluemix liberty for java", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "jg767aae hp imc smcnct wsm vrtl applnc sw e-ltu", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.1" }, { "model": "infosphere information governance catalog", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "tomcat for hp-ux b.11.31", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0.70.01" }, { "model": "tomcat rc2", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "8.0.0" }, { "model": "web experience factory", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.0" }, { "model": "jg590aae hp imc bsc wlan mgr sw pltfm ap e-ltu", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "500" }, { "model": "case manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1.0" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2.5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.4" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "jf288aae hp network director to intelligent management center", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "jg766aae hp imc smcnct vrtl applnc sw e-ltu", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "jd126a hp imc ent s/w platform w/100-node", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "icewall sso password reset option", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.0" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.2" }, { "model": "support assistant team server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2.2" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "tomcat", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "8.5.3" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.18" }, { "model": "tomcat 9.0.0.m4", "scope": null, "trust": 0.3, "vendor": "apache", "version": null }, { "model": "forms server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.4.1" }, { "model": "infosphere information server business glossary", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.35" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "healthcare master person index", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.0.0" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "control center ifix02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.0" }, { "model": "jf377a hp imc std s/w platform w/100-node lic", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.5" }, { "model": "b2b advanced communications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.0.3" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0" }, { "model": "communications service broker engineered system edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1" }, { "model": "websphere application server liberty profile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "commons fileupload", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.2" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "commons fileupload", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "1.3.1" }, { "model": "websphere lombardi edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.5" }, { "model": "utilities framework", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.0.2.0" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.3" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.1" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.46" }, { "model": "tomcat rc1", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "8.0.0" }, { "model": "control center 6.0.0.0ifix03", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "infosphere metadata asset manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.7" }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.3" }, { "model": "security guardium data redaction", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.24" }, { "model": "sterling secure proxy ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.3.01" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.18" }, { "model": "infosphere qualitystage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.5" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.13" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.1" }, { "model": "jf377aae hp imc std s/w pltfrm w/100-node e-ltu", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "b2b advanced communications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.0.4" }, { "model": "control center 6.1.0.0ifix01", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.021" }, { "model": "infosphere metadata workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.7" }, { "model": "algo one algo risk application", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.9" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2.0.0" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "integration bus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.7" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.6" }, { "model": "mysql enterprise backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.7" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.33" }, { "model": "control center ifix03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.34" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.5.1" }, { "model": "infosphere business glossary", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.010" } ], "sources": [ { "db": "BID", "id": "91453" }, { "db": "NVD", "id": "CVE-2016-3092" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hp:icewall_identity_manager:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.3.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.67:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.69:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.68:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.5:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-3092" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "141509" }, { "db": "PACKETSTORM", "id": "139164" }, { "db": "PACKETSTORM", "id": "139165" }, { "db": "PACKETSTORM", "id": "139536" }, { "db": "PACKETSTORM", "id": "139770" } ], "trust": 0.5 }, "cve": "CVE-2016-3092", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2016-3092", "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-3092", "trust": 1.0, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2016-3092", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-3092" }, { "db": "NVD", "id": "CVE-2016-3092" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string. Apache Commons FileUpload is prone to a remote denial-of-service vulnerability. \nAttackers can exploit this issue to cause the application to become unresponsive; resulting in a denial-of-service condition. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nSecurity Fix(es):\n\n* It was reported that the Tomcat init script performed unsafe file\nhandling, which could result in local privilege escalation. (CVE-2016-1240)\n\n* It was discovered that the Tomcat packages installed certain\nconfiguration files read by the Tomcat initialization script as writeable\nto the tomcat group. \n(CVE-2016-6325)\n\n* The JmxRemoteLifecycleListener was not updated to take account of\nOracle\u0027s fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included\nin EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat\ninstance built from source, using the EWS 2.x, or JWS 3.x distributions, an\nattacker could use this flaw to launch a remote code execution attack on\nyour deployed instance. (CVE-2016-3092)\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction with\na proxy that also permitted the invalid characters but with a different\ninterpretation, to inject data into the HTTP response. By manipulating the\nHTTP response the attacker could poison a web-cache, perform an XSS attack,\nor obtain sensitive information from requests other then their own. \n(CVE-2016-6816)\n\n* A bug was discovered in the error handling of the send file code for the\nNIO HTTP connector. This led to the current Processor object being added to\nthe Processor cache multiple times allowing information leakage between\nrequests including, and not limited to, session ID and the response body. \n(CVE-2016-8745)\n\n* The Realm implementations did not process the supplied password if the\nsupplied user name did not exist. This made a timing attack possible to\ndetermine valid user names. Note that the default configuration includes\nthe LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-5018)\n\n* It was discovered that when a SecurityManager is configured Tomcat\u0027s\nsystem property replacement feature for configuration files could be used\nby a malicious web application to bypass the SecurityManager and read\nsystem properties that should not be visible. (CVE-2016-6794)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via manipulation of the configuration parameters\nfor the JSP Servlet. These packages provide a number of enhancements\nover the previous version of Red Hat JBoss Web Server. (JIRA#JWS-267)\n\nUsers of Red Hat JBoss Web Server are advised to upgrade to these updated\npackages, which add this enhancement. Solution:\n\nBefore applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files). JIRA issues fixed (https://issues.jboss.org/):\n\nJWS-267 - RHEL 6 Errata JIRA\n\n7. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324759\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05324759\nVersion: 3\n\nHPSBUX03665 rev.3 - HP-UX Tomcat-based Servlet Engine, Remote Denial of\nService (DoS), URL Redirection\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-12-01\nLast Updated: 2016-11-30\n\nPotential Security Impact: Remote: Denial of Service (DoS), URL Redirection\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified in the HP-UX\nTomcat-based Servlet Engine. These vulnerabilities could be exploited\nremotely to create a Denial of Service (DoS) or URL Redirection. \n\nReferences:\n\n - CVE-2016-3092 - Apache Tomcat, Remote Denial of Service (DoS)\n - CVE-2016-5388 - Apache Tomcat, Remote URL Redirection\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HP-UX Tomcat-based Servlet v.7.x Engine B.11.31 - Tomcat 7 prior to\nD.7.0.70.01\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2016-3092\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)\n\n CVE-2016-5388\n 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\n 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has provided the following software update to resolve the vulnerabilities\nin HP-UX Apache Tomcat 7 Servlet Engine:\n\n * Tomcat 7.0.70.01 for HP-UX Release B.11.31 (IPF and PA-RISC)\n\n + 64 bit Depot: HP_UX_11.31_HPUXWS24ATW-B501-11-31-64.depot\n + 32 bit Depot: HP_UX_11.31_HPUXWS24ATW-B501-11-31-32.depot\n\n* **Note:** The depot file can be found here:\n\n +\n\u003chttps://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb\nr=HPUXWSATW501\u003e \n \n * Tomcat 7.0.70.01 for Apache 2.2:\n\n + Install the depot via the link provided and then follow these steps to\nenable Tomcat 7.0.70.01 for Apache 2.2: \n\n 1.Run aswremovea to remove the previously installed Tomcat (if any)\n \n 2.rm arf /opt/hpws22/tomcat\n \n 3.Create the link using ln -s /opt/hpws24/tomcat /opt/hpws22/tomcat \n \n**MANUAL ACTIONS: Yes - Update**\n \nDownload and install the software update\n\n**PRODUCT SPECIFIC INFORMATION**\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HPE and lists recommended actions that may apply to a specific\nHP-UX system. It can also download patches and create a depot automatically. \nFor more information see:\n \n *\n\u003chttps://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb\nr=B6834AA\u003e\n\nThe following text is for use by the HP-UX Software Assistant. \n\n AFFECTED VERSIONS\n\n HP-UX B.11.31 IA/PA\n =================== \n hpuxws22TOMCAT.TOMCAT\n hpuxws22TOMCAT.TOMCAT2\n action: install revision D.7.0.70.01 or subsequent\n\n END AFFECTED VERSIONS\n\nHISTORY\n\nVersion:1 (rev.1) - 4 November 2016 Initial release\n\nVersion:2 (rev.2) - 8 November 2016 Removed extraneous text from background\nsection\n\nVersion:3 (rev.3) - 1 December 2016 Details added to enable Tomcat 7.0.70.01\nfor Apache 2.2, removed PSRT numbers, simplified title\n\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. It includes bug fixes and enhancements. The\nJBoss server process must be restarted for the update to take effect. (CVE-2016-3092)\n\n4. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: tomcat security, bug fix, and enhancement update\nAdvisory ID: RHSA-2016:2599-02\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-2599.html\nIssue date: 2016-11-03\nCVE Names: CVE-2015-5174 CVE-2015-5345 CVE-2015-5351 \n CVE-2016-0706 CVE-2016-0714 CVE-2016-0763 \n CVE-2016-3092 \n=====================================================================\n\n1. Summary:\n\nAn update for tomcat is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch\nRed Hat Enterprise Linux Server (v. 7) - noarch\nRed Hat Enterprise Linux Server Optional (v. 7) - noarch\nRed Hat Enterprise Linux Workstation (v. 7) - noarch\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch\n\n3. Description:\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies. \n\nThe following packages have been upgraded to a newer upstream version:\ntomcat (7.0.69). (BZ#1287928)\n\nSecurity Fix(es):\n\n* A CSRF flaw was found in Tomcat\u0027s the index pages for the Manager and\nHost Manager applications. These applications included a valid CSRF token\nwhen issuing a redirect as a result of an unauthenticated request to the\nroot of the web application. This token could then be used by an attacker\nto perform a CSRF attack. (CVE-2015-5351)\n\n* It was found that several Tomcat session persistence mechanisms could\nallow a remote, authenticated user to bypass intended SecurityManager\nrestrictions and execute arbitrary code in a privileged context via a web\napplication that placed a crafted object in a session. (CVE-2016-0714)\n\n* A security manager bypass flaw was found in Tomcat that could allow\nremote, authenticated users to access arbitrary application data,\npotentially resulting in a denial of service. (CVE-2016-0763)\n\n* A denial of service vulnerability was identified in Commons FileUpload\nthat occurred when the length of the multipart boundary was just below the\nsize of the buffer (4096 bytes) used to read the uploaded file if the\nboundary was the typical tens of bytes long. (CVE-2016-3092)\n\n* A directory traversal flaw was found in Tomcat\u0027s RequestUtil.java. A\nremote, authenticated user could use this flaw to bypass intended\nSecurityManager restrictions and list a parent directory via a \u0027/..\u0027 in a\npathname used by a web application in a getResource, getResourceAsStream,\nor getResourcePaths call. (CVE-2015-5174)\n\n* It was found that Tomcat could reveal the presence of a directory even\nwhen that directory was protected by a security constraint. A user could\nmake a request to a directory via a URL not ending with a slash and,\ndepending on whether Tomcat redirected that request, could confirm whether\nthat directory existed. (CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be loaded by\na web application when a security manager was configured. This allowed a\nweb application to list all deployed web applications and expose sensitive\ninformation such as session IDs. (CVE-2016-0706)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1133070 - Need to include full implementation of tomcat-juli.jar and tomcat-juli-adapters.jar\n1201409 - Fix the broken tomcat-jsvc service unit\n1208402 - Mark web.xml in tomcat-admin-webapps as config file\n1221896 - tomcat.service loads /etc/sysconfig/tomcat without shell expansion\n1229476 - Tomcat startup ONLY options\n1240279 - The command tomcat-digest doesn\u0027t work with RHEL 7\n1265698 - CVE-2015-5174 tomcat: URL Normalization issue\n1277197 - tomcat user has non-existing default shell set\n1287928 - Rebase tomcat to 7.0.69 or backport features\n1311076 - CVE-2015-5351 tomcat: CSRF token leak\n1311082 - CVE-2016-0714 tomcat: Security Manager bypass via persistence mechanisms\n1311087 - CVE-2016-0706 tomcat: security manager bypass via StatusManagerServlet\n1311089 - CVE-2015-5345 tomcat: directory disclosure\n1311093 - CVE-2016-0763 tomcat: security manager bypass via setGlobalContext()\n1311622 - Getting NoSuchElementException while handling attributes with empty string value in tomcat 7.0.54\n1320853 - Add HSTS support\n1327326 - rpm -V tomcat fails on /var/log/tomcat/catalina.out\n1347774 - The security manager doesn\u0027t work correctly (JSPs cannot be compiled)\n1347860 - The systemd service unit does not allow tomcat to shut down gracefully\n1349468 - CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\ntomcat-7.0.69-10.el7.src.rpm\n\nnoarch:\ntomcat-servlet-3.0-api-7.0.69-10.el7.noarch.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\ntomcat-7.0.69-10.el7.noarch.rpm\ntomcat-admin-webapps-7.0.69-10.el7.noarch.rpm\ntomcat-docs-webapp-7.0.69-10.el7.noarch.rpm\ntomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm\ntomcat-javadoc-7.0.69-10.el7.noarch.rpm\ntomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm\ntomcat-jsvc-7.0.69-10.el7.noarch.rpm\ntomcat-lib-7.0.69-10.el7.noarch.rpm\ntomcat-webapps-7.0.69-10.el7.noarch.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\ntomcat-7.0.69-10.el7.src.rpm\n\nnoarch:\ntomcat-servlet-3.0-api-7.0.69-10.el7.noarch.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\ntomcat-7.0.69-10.el7.noarch.rpm\ntomcat-admin-webapps-7.0.69-10.el7.noarch.rpm\ntomcat-docs-webapp-7.0.69-10.el7.noarch.rpm\ntomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm\ntomcat-javadoc-7.0.69-10.el7.noarch.rpm\ntomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm\ntomcat-jsvc-7.0.69-10.el7.noarch.rpm\ntomcat-lib-7.0.69-10.el7.noarch.rpm\ntomcat-webapps-7.0.69-10.el7.noarch.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\ntomcat-7.0.69-10.el7.src.rpm\n\nnoarch:\ntomcat-7.0.69-10.el7.noarch.rpm\ntomcat-admin-webapps-7.0.69-10.el7.noarch.rpm\ntomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm\ntomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm\ntomcat-lib-7.0.69-10.el7.noarch.rpm\ntomcat-servlet-3.0-api-7.0.69-10.el7.noarch.rpm\ntomcat-webapps-7.0.69-10.el7.noarch.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nnoarch:\ntomcat-7.0.69-10.el7.noarch.rpm\ntomcat-admin-webapps-7.0.69-10.el7.noarch.rpm\ntomcat-docs-webapp-7.0.69-10.el7.noarch.rpm\ntomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm\ntomcat-javadoc-7.0.69-10.el7.noarch.rpm\ntomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm\ntomcat-jsvc-7.0.69-10.el7.noarch.rpm\ntomcat-lib-7.0.69-10.el7.noarch.rpm\ntomcat-webapps-7.0.69-10.el7.noarch.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\ntomcat-7.0.69-10.el7.src.rpm\n\nnoarch:\ntomcat-7.0.69-10.el7.noarch.rpm\ntomcat-admin-webapps-7.0.69-10.el7.noarch.rpm\ntomcat-el-2.2-api-7.0.69-10.el7.noarch.rpm\ntomcat-jsp-2.2-api-7.0.69-10.el7.noarch.rpm\ntomcat-lib-7.0.69-10.el7.noarch.rpm\ntomcat-servlet-3.0-api-7.0.69-10.el7.noarch.rpm\ntomcat-webapps-7.0.69-10.el7.noarch.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\ntomcat-docs-webapp-7.0.69-10.el7.noarch.rpm\ntomcat-javadoc-7.0.69-10.el7.noarch.rpm\ntomcat-jsvc-7.0.69-10.el7.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-5174\nhttps://access.redhat.com/security/cve/CVE-2015-5345\nhttps://access.redhat.com/security/cve/CVE-2015-5351\nhttps://access.redhat.com/security/cve/CVE-2016-0706\nhttps://access.redhat.com/security/cve/CVE-2016-0714\nhttps://access.redhat.com/security/cve/CVE-2016-0763\nhttps://access.redhat.com/security/cve/CVE-2016-3092\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFYGv0mXlSAg2UNWIIRAq74AJ9mIwnepxw2jbrHnfK3Gkc+N7uMIACfXM+E\n5lVH/+qu5TZIB819MY4FTO0=\n=u+za\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. It contains security fixes for the Tomcat 7\ncomponent. Only users of the Tomcat 7 component in JBoss Web Server need to\napply the fixes delivered in this release. (CVE-2016-3092)\n\n* A session fixation flaw was found in the way Tomcat recycled the\nrequestedSessionSSL field. If at least one web application was configured\nto use the SSL session ID as the HTTP session ID, an attacker could reuse a\npreviously used session ID for further requests. (CVE-2016-0706)\n\n3. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-5346\nhttps://access.redhat.com/security/cve/CVE-2015-5351\nhttps://access.redhat.com/security/cve/CVE-2016-0706\nhttps://access.redhat.com/security/cve/CVE-2016-0714\nhttps://access.redhat.com/security/cve/CVE-2016-0763\nhttps://access.redhat.com/security/cve/CVE-2016-3092\nSecurity Impact: https://access.redhat.com/security/updates/classification/#important\nDownload: https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver\u0026downloadType=distributions\u0026version=2.1.2\n\n6. ==========================================================================\nUbuntu Security Notice USN-3024-1\nJuly 05, 2016\n\ntomcat6, tomcat7 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Tomcat. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and\nUbuntu 15.10. (CVE-2015-5174)\n\nIt was discovered that the Tomcat mapper component incorrectly handled\nredirects. A remote attacker could use this issue to determine the\nexistence of a directory. This issue only affected Ubuntu 12.04 LTS,\nUbuntu 14.04 LTS and Ubuntu 15.10. A\nremote attacker could possibly use this issue to hijack web sessions. This\nissue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. A remote attacker could possibly use this\nissue to bypass CSRF protection mechanisms. This issue only affected Ubuntu\n14.04 LTS and Ubuntu 15.10. (CVE-2015-5351)\n\nIt was discovered that Tomcat did not place StatusManagerServlet on the\nRestrictedServlets list. This issue only\naffected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. \n(CVE-2016-0706)\n\nIt was discovered that the Tomcat session-persistence implementation\nincorrectly handled session attributes. A remote attacker could possibly\nuse this issue to execute arbitrary code in a privileged context. This\nissue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. \n(CVE-2016-0714)\n\nIt was discovered that the Tomcat setGlobalContext method incorrectly\nchecked if callers were authorized. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and\nUbuntu 15.10. (CVE-2016-0763)\n\nIt was discovered that the Tomcat Fileupload library incorrectly handled\ncertain upload requests. (CVE-2016-3092)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n libtomcat7-java 7.0.68-1ubuntu0.1\n\nUbuntu 15.10:\n libtomcat7-java 7.0.64-1ubuntu0.3\n\nUbuntu 14.04 LTS:\n libtomcat7-java 7.0.52-1ubuntu0.6\n\nUbuntu 12.04 LTS:\n libtomcat6-java 6.0.35-1ubuntu3.7\n\nIn general, a standard system update will make all the necessary changes", "sources": [ { "db": "NVD", "id": "CVE-2016-3092" }, { "db": "BID", "id": "91453" }, { "db": "VULMON", "id": "CVE-2016-3092" }, { "db": "PACKETSTORM", "id": "141509" }, { "db": "PACKETSTORM", "id": "139164" }, { "db": "PACKETSTORM", "id": "139972" }, { "db": "PACKETSTORM", "id": "139165" }, { "db": "PACKETSTORM", "id": "139536" }, { "db": "PACKETSTORM", "id": "139770" }, { "db": "PACKETSTORM", "id": "137773" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-3092", "trust": 2.1 }, { "db": "JVN", "id": "JVN89379547", "trust": 1.4 }, { "db": "BID", "id": "91453", "trust": 1.4 }, { "db": "SECTRACK", "id": "1036427", "trust": 1.1 }, { "db": "SECTRACK", "id": "1037029", "trust": 1.1 }, { "db": "SECTRACK", "id": "1036900", "trust": 1.1 }, { "db": "SECTRACK", "id": "1039606", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2016-000121", "trust": 1.1 }, { "db": "VULMON", "id": "CVE-2016-3092", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "141509", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "139164", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "139972", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "139165", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "139536", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "139770", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137773", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-3092" }, { "db": "BID", "id": "91453" }, { "db": "PACKETSTORM", "id": "141509" }, { "db": "PACKETSTORM", "id": "139164" }, { "db": "PACKETSTORM", "id": "139972" }, { "db": "PACKETSTORM", "id": "139165" }, { "db": "PACKETSTORM", "id": "139536" }, { "db": "PACKETSTORM", "id": "139770" }, { "db": "PACKETSTORM", "id": "137773" }, { "db": "NVD", "id": "CVE-2016-3092" } ] }, "id": "VAR-201607-0321", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41666666 }, "last_update_date": "2024-06-14T22:46:42.863000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 6.4.11 update on RHEL 7", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162069 - security advisory" }, { "title": "Red Hat: Moderate: jboss-ec2-eap security and enhancement update for EAP 6.4.11", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162072 - security advisory" }, { "title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 6.4.11 update on RHEL 6", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162068 - security advisory" }, { "title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 6.4.11 update on RHEL 5", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162070 - security advisory" }, { "title": "Debian Security Advisories: DSA-3611-1 libcommons-fileupload-java -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=824a6eb444fe6417647eb1c1fb51c0f6" }, { "title": "Ubuntu Security Notice: tomcat8 vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3027-1" }, { "title": "Red Hat: Important: Red Hat JBoss Web Server 2.1.2 security update for Tomcat 7", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162807 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Web Server 2.1.2 security update for Tomcat 7", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162808 - security advisory" }, { "title": "Amazon Linux AMI: ALAS-2016-736", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-736" }, { "title": "Red Hat: CVE-2016-3092", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-3092" }, { "title": "Red Hat: Important: Red Hat JBoss Web Server security and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20170457 - security advisory" }, { "title": "IBM: Security Bulletin: A vulnerability in Apache Commons Fileupload affects IBM Tivoli Business Service Manager (CVE-2013-2186, CVE-2013-0248, CVE-2016-3092, CVE-2014-0050, 220723)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8bc75a85691b82e540dfdc9fe13fab57" }, { "title": "Ubuntu Security Notice: tomcat6, tomcat7 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3024-1" }, { "title": "Debian Security Advisories: DSA-3609-1 tomcat8 -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=35ca6a1e2d09521d71af74a1e27d6cbd" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=ac5af5dd99788925425f5747ec672707" }, { "title": "IBM: IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple security vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8580d3cd770371e2ef0f68ca624b80b0" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099" }, { "title": "IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=55ea315dfb69fce8383762ac64250315" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=13f3551b67d913fba90df4b2c0dae0bf" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-3092" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2016-3092" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.4, "url": "http://jvn.jp/en/jp/jvn89379547/index.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "trust": 1.4, "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "trust": 1.2, "url": "http://www.ubuntu.com/usn/usn-3024-1" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/91453" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2017:0455" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2016-2808.html" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2016-2599.html" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2016-2072.html" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2016-2069.html" }, { "trust": 1.1, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468" }, { "trust": 1.1, "url": "http://jvndb.jvn.jp/jvndb/jvndb-2016-000121" }, { "trust": 1.1, "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743480" }, { "trust": 1.1, "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743738" }, { "trust": 1.1, "url": "http://tomcat.apache.org/security-8.html" }, { "trust": 1.1, "url": "http://tomcat.apache.org/security-9.html" }, { "trust": 1.1, "url": "http://tomcat.apache.org/security-7.html" }, { "trust": 1.1, "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743722" }, { "trust": 1.1, "url": "http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3ccaf8hoz%2bpq2qh8rnxbujyok1doz6jrtiqypac%2bh8g6ozkbg%2bcxg%40mail.gmail.com%3e" }, { "trust": 1.1, "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743742" }, { "trust": 1.1, "url": "http://www.debian.org/security/2016/dsa-3614" }, { "trust": 1.1, "url": "http://www.ubuntu.com/usn/usn-3027-1" }, { "trust": 1.1, "url": "http://www.debian.org/security/2016/dsa-3611" }, { "trust": 1.1, "url": "http://www.debian.org/security/2016/dsa-3609" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05204371" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05289840" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05324759" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html" }, { "trust": 1.1, "url": "https://security.gentoo.org/glsa/201705-09" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1037029" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1036900" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1036427" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1039606" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2017:0456" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2017-0457.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2016-2807.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2016-2071.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2016-2070.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2016-2068.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20190212-0001/" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "trust": 1.1, "url": "https://security.gentoo.org/glsa/202107-39" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3cdev.tomcat.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3cdev.tomcat.apache.org%3e" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3092" }, { "trust": 0.5, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.5, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.5, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2016-3092" }, { "trust": 0.4, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05324759" }, { "trust": 0.4, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.3, "url": "http://www.apache.org/" }, { "trust": 0.3, "url": "http://tomcat.apache.org/" }, { "trust": 0.3, "url": "http://commons.apache.org/proper/commons-fileupload//" }, { "trust": 0.3, "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201606.mbox/%3c45a20804-abff-4fed-a297-69ac95ab9a3f@apache.org%3e" }, { "trust": 0.3, "url": "https://jenkins.io/security/advisory/2017-10-11/" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05204371" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05289840" }, { "trust": 0.3, "url": "http://tomcat.apache.org/security-7.html#fixed_in_apache_tomcat_7.0.70" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021649" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986641" }, { "trust": 0.3, "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21990830" }, { "trust": 0.3, "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21992916" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009566" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009571" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987864" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988198" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988279" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988564" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988584" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988585" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988586" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989359" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990120" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990236" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990262" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990386" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990394" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990424" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990451" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990527" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990884" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991786" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991837" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991866" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992457" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993043" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993879" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995043" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995382" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995611" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995686" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995691" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995793" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995892" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0763" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0706" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0714" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5351" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/6.4/index.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5345" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-0714" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5174" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-0706" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-5351" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-0763" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5346" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2016:2069" }, { "trust": 0.1, "url": "https://www.debian.org/security/./dsa-3611" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/3027-1/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49238" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8735" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-6325" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6796" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6325" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-8735" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1240" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-8745" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6794" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-5018" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-6797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-6796" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8745" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-6816" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0762" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5018" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1240" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6816" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0762" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-6794" }, { "trust": 0.1, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.1, "url": "https://www.hpe.com/info/report-security-vulnerability" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5388" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499" }, { "trust": 0.1, "url": "https://h20392.www2.hpe.com/portal/swdepot/displayproductinfo.do?productnumb" }, { "trust": 0.1, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.3_release_notes/index.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-5174" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-5345" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=distributions\u0026version=2.1.2" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-5346" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/tomcat7/7.0.64-1ubuntu0.3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/tomcat7/7.0.68-1ubuntu0.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/tomcat6/6.0.35-1ubuntu3.7" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/tomcat7/7.0.52-1ubuntu0.6" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-3092" }, { "db": "BID", "id": "91453" }, { "db": "PACKETSTORM", "id": "141509" }, { "db": "PACKETSTORM", "id": "139164" }, { "db": "PACKETSTORM", "id": "139972" }, { "db": "PACKETSTORM", "id": "139165" }, { "db": "PACKETSTORM", "id": "139536" }, { "db": "PACKETSTORM", "id": "139770" }, { "db": "PACKETSTORM", "id": "137773" }, { "db": "NVD", "id": "CVE-2016-3092" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2016-3092" }, { "db": "BID", "id": "91453" }, { "db": "PACKETSTORM", "id": "141509" }, { "db": "PACKETSTORM", "id": "139164" }, { "db": "PACKETSTORM", "id": "139972" }, { "db": "PACKETSTORM", "id": "139165" }, { "db": "PACKETSTORM", "id": "139536" }, { "db": "PACKETSTORM", "id": "139770" }, { "db": "PACKETSTORM", "id": "137773" }, { "db": "NVD", "id": "CVE-2016-3092" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-07-04T00:00:00", "db": "VULMON", "id": "CVE-2016-3092" }, { "date": "2016-06-21T00:00:00", "db": "BID", "id": "91453" }, { "date": "2017-03-08T00:54:47", "db": "PACKETSTORM", "id": "141509" }, { "date": "2016-10-18T13:58:15", "db": "PACKETSTORM", "id": "139164" }, { "date": "2016-12-01T16:38:46", "db": "PACKETSTORM", "id": "139972" }, { "date": "2016-10-18T13:58:26", "db": "PACKETSTORM", "id": "139165" }, { "date": "2016-11-04T20:09:39", "db": "PACKETSTORM", "id": "139536" }, { "date": "2016-11-17T23:52:49", "db": "PACKETSTORM", "id": "139770" }, { "date": "2016-07-05T18:11:00", "db": "PACKETSTORM", "id": "137773" }, { "date": "2016-07-04T22:59:04.303000", "db": "NVD", "id": "CVE-2016-3092" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-12-08T00:00:00", "db": "VULMON", "id": "CVE-2016-3092" }, { "date": "2019-04-17T07:00:00", "db": "BID", "id": "91453" }, { "date": "2023-12-08T16:41:18.860000", "db": "NVD", "id": "CVE-2016-3092" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "91453" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability", "sources": [ { "db": "BID", "id": "91453" } ], "trust": 0.3 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Failure to Handle Exceptional Conditions", "sources": [ { "db": "BID", "id": "91453" } ], "trust": 0.3 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.