var-202107-1593
Vulnerability from variot
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. It exists that Tomcat did not properly validate the input length. An attacker could possibly use this to trigger an infinite loop, resulting in a denial of service. (CVE-2020-9494, CVE-2021-25329, CVE-2021-41079). Description:
Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Web Server 5.6.0 Security release Advisory ID: RHSA-2021:4861-01 Product: Red Hat JBoss Web Server Advisory URL: https://access.redhat.com/errata/RHSA-2021:4861 Issue date: 2021-11-30 CVE Names: CVE-2021-30640 CVE-2021-33037 CVE-2021-42340 ==================================================================== 1. Summary:
Updated Red Hat JBoss Web Server 5.6.0 packages are now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss Web Server 5.6 for RHEL 7 Server - noarch, x86_64 Red Hat JBoss Web Server 5.6 for RHEL 8 - noarch, x86_64
- Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 5.6.0 serves as a replacement for Red Hat JBoss Web Server 5.5.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.
Security Fix(es):
- tomcat: OutOfMemoryError caused by HTTP upgrade connection leak could lead to DoS (CVE-2021-42340)
- tomcat: HTTP request smuggling when used with a reverse proxy (CVE-2021-33037)
- tomcat: JNDI realm authentication weakness (CVE-2021-30640)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat JBoss Web Server 5.6 for RHEL 7 Server:
Source: jws5-tomcat-9.0.50-3.redhat_00004.1.el7jws.src.rpm jws5-tomcat-native-1.2.30-3.redhat_3.el7jws.src.rpm jws5-tomcat-vault-1.1.8-4.Final_redhat_00004.1.el7jws.src.rpm
noarch: jws5-tomcat-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-admin-webapps-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-docs-webapp-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-el-3.0-api-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-java-jdk11-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-java-jdk8-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-javadoc-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-jsp-2.3-api-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-lib-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-selinux-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-servlet-4.0-api-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-vault-1.1.8-4.Final_redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-vault-javadoc-1.1.8-4.Final_redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-webapps-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm
x86_64: jws5-tomcat-native-1.2.30-3.redhat_3.el7jws.x86_64.rpm jws5-tomcat-native-debuginfo-1.2.30-3.redhat_3.el7jws.x86_64.rpm
Red Hat JBoss Web Server 5.6 for RHEL 8:
Source: jws5-tomcat-9.0.50-3.redhat_00004.1.el8jws.src.rpm jws5-tomcat-native-1.2.30-3.redhat_3.el8jws.src.rpm jws5-tomcat-vault-1.1.8-4.Final_redhat_00004.1.el8jws.src.rpm
noarch: jws5-tomcat-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-admin-webapps-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-docs-webapp-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-el-3.0-api-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-javadoc-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-jsp-2.3-api-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-lib-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-selinux-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-servlet-4.0-api-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-vault-1.1.8-4.Final_redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-vault-javadoc-1.1.8-4.Final_redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-webapps-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm
x86_64: jws5-tomcat-native-1.2.30-3.redhat_3.el8jws.x86_64.rpm jws5-tomcat-native-debuginfo-1.2.30-3.redhat_3.el8jws.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-30640 https://access.redhat.com/security/cve/CVE-2021-33037 https://access.redhat.com/security/cve/CVE-2021-42340 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYaaMntzjgjWX9erEAQibyg/9E3I1wMpKriqTZKlf1tGcPt4wShPVNKMh B4PC8t1vBZJZ2VBMrQJdmYBUKRn3mccCqUxd0ey/UfsacIoKvAACr18iXCxYc4cO MeNqy7SWRO+Kwze2fYpBu7w5dR34yhUQAN8DAOui7DduZsS209X7WhShrLSjzF5j g+nhRCi4l5QRwcy7NF4TAhmAN7f819BwDHQJI/ttaOHqEwsDnOlPNKbV0X4Hlkf5 5VRD/8ArImD7tqpSs/9YVh34MJLCVmVkWgHBDY0I06LcRSQJoRBZDEkoPRHQxU26 hKH5oDaVezm92RFFqfwo2HHY6eGJc/qTTcd/WeW4RDfx49+ARsOt2kvO2XcEo45A iUue2MayqnfdQHRI7MMNaaWoNudI2MVBcbQYhkTZcgApZEmtCe4taeo0YUvFqUeJ N1Awh8QIN5vqA7wKdtrHiQCMx/6/fqi3VtKN3LZEuUiRMM/sueqc1yob6piuU4Vk nyHP0ULSyMYnrzoqKN1BwbobRYyXKbVR376qMtxhLMe71PXg26TgDC9seUnooNum XgcRIdc7Q2WyGaFLxGE5fS0/7FagX/etRlg9DIHi27NVl0WXgmFVLC2ZumjfSoms FgQUTPwa2Bt90Oat2u7vnB5MBvCR0+OAAsM8TK/cn/31F697MMTI6Qloiq2DDOt4 2c2PkIZ6XrY=6RkQ -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4952-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff August 09, 2021 https://www.debian.org/security/faq
Package : tomcat9 CVE ID : CVE-2021-30640 CVE-2021-33037 Debian Bug : 991046
Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling, bypass of logout restrictions or authentications using variations of a valid user name.
For the stable distribution (buster), these problems have been fixed in version 9.0.31-1~deb10u5.
We recommend that you upgrade your tomcat9 packages.
For the detailed security status of tomcat9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tomcat9
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmERmLEACgkQEMKTtsN8 TjZeMw/9Em+a8hxIgfV6m8svrekc9scclTwKifFNjMU8JPwRHiK/jP7jpz8mwO4W AiEe+TaIiEhlqjg41G2b7P/2cxJlB2Uetf16dvajv9kZA4MjMVDTXiDKvuqo5uVg zT7lkwU6jaMDGUd/unZZTwk8jh4imrF11fLCL6bQciwBdDAuiMDiioW526XwK/5u oUfdu1SJphXNQSkq/d6R7eTOurryFxYrrBswUUsYF5Dk4NhtNuR6pLsRmLVo3sO1 490C/MxLuL/vDMY/5ycqUcBu9JQ4hOADDUClUFcx4/U9soMCTbxsc4OGVlqJAK4W +IeVNO6Y+miHkQCoeqP3deq+ZCwiHaaPR4Y+pZHmGaSvnG7akG8ZJATZWUB/YdU4 DnNlGxgaIIqxHSZcht9ExSTufwjNiYGCQeuBPVhOsh+DDk4l1m1JJN+5nUwB9/id SRV3ZmlRLwJu0YcZPdtogrgmfUgpI3rr+M0t+nERDo3gJ5qQIT2shCNjQaNSEcx8 ko/6aELWC546FlncPCjEpCNDGqsEn7BYOzf18JRqlD1/NPYM+eBa1grXqBdYj9oa Fyl69bY8YU7V8l/aEDvrPDMDStvIvaK2MFtdPvpUQRvU71iuY37CtM5AaaGyOl95 zyNSHUvLzXNOpEWUMTgNKTmTmbRTkCSW71GCgRaVuLthzHN2Bic= =WmYc -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-34
https://security.gentoo.org/
Severity: Low Title: Apache Tomcat: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #773571, #801916, #818160, #855971 ID: 202208-34
Synopsis
Multiple vulnerabilities have been discovered in Apache Tomcat, the worst of which could result in denial of service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/tomcat < 8.5.82:8.5 >= 8.5.82:8.5 < 9.0.65:9 >= 9.0.65:9 < 10.0.23:10 >= 10.0.23:10
Description
Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Apache Tomcat 10.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-10.0.23:10"
All Apache Tomcat 9.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-9.0.65:9"
All Apache Tomcat 8.5.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-8.5.82:8.5"
References
[ 1 ] CVE-2021-25122 https://nvd.nist.gov/vuln/detail/CVE-2021-25122 [ 2 ] CVE-2021-25329 https://nvd.nist.gov/vuln/detail/CVE-2021-25329 [ 3 ] CVE-2021-30639 https://nvd.nist.gov/vuln/detail/CVE-2021-30639 [ 4 ] CVE-2021-30640 https://nvd.nist.gov/vuln/detail/CVE-2021-30640 [ 5 ] CVE-2021-33037 https://nvd.nist.gov/vuln/detail/CVE-2021-33037 [ 6 ] CVE-2021-42340 https://nvd.nist.gov/vuln/detail/CVE-2021-42340 [ 7 ] CVE-2022-34305 https://nvd.nist.gov/vuln/detail/CVE-2022-34305
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-34
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Installation instructions are available from the Fuse 7.11.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/
4
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-1593",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ucosminexus application server",
"scope": null,
"trust": 1.6,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus primary server base",
"scope": null,
"trust": 1.6,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus service platform",
"scope": null,
"trust": 1.6,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.25"
},
{
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.0.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.5.0"
},
{
"model": "utilities testing accelerator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.0.2.2"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.2"
},
{
"model": "managed file transfer",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "sd-wan edge",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.1"
},
{
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1.5.0"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "10.0.6"
},
{
"model": "healthcare translational research",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.1.0"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.3"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.66"
},
{
"model": "sd-wan edge",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "tomcat",
"scope": "gt",
"trust": 1.0,
"vendor": "apache",
"version": "10.0.0"
},
{
"model": "communications session report manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.4.0"
},
{
"model": "graph server and client",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "21.4"
},
{
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.14.0"
},
{
"model": "tomee",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.6"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"model": "utilities testing accelerator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.0.3.1"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.46"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "communications session report manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "communications session route manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.4"
},
{
"model": "communications session route manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "tomcat",
"scope": "gt",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.0"
},
{
"model": "epolicy orchestrator",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "5.10.0"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.1"
},
{
"model": "communications cloud native core service communication proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.14.0"
},
{
"model": "epolicy orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "5.10.0"
},
{
"model": "managed file transfer",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "communications pricing design center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"model": "hospitality cruise shipboard property management system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.1.0"
},
{
"model": "utilities testing accelerator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.0.1.1"
},
{
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.0"
},
{
"model": "addpoint",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "connexive edge device management",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "iot \u30c7\u30fc\u30bf\u30b9\u30c8\u30a2",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "ucosminexus application server standard",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "webotx",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "ucosminexus developer standard",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "cosminexus application server enterprise",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "nec \u81ea\u52d5\u5fdc\u7b54",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "simpwright",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "cosminexus developer professional",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "webotx application server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "connexive pf",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "elastic matcher",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "ucosminexus application server-r",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "secureware/clm",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "tomee",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
},
{
"model": "ucosminexus application server enterprise",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "tomcat",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
},
{
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "oracle communications diameter signaling router",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "cosminexus application server standard",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "hitachi ops center common services",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus developer",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "esmpro/servermanager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "cosminexus developer standard",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "infocage",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "cosminexus developer light",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus application server standard-r",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "enterpriseidentitymanager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "webotx developer",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "retrieem",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "ucosminexus developer professional",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus developer professional for plug-in",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003000"
},
{
"db": "NVD",
"id": "CVE-2021-33037"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.0.46",
"versionStartExcluding": "9.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.0.6",
"versionStartExcluding": "10.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.66",
"versionStartIncluding": "8.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomee:8.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:secure_global_desktop:5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_cruise_shipboard_property_management_system:20.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.4",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.25",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.4.0",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.0.2",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "21.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_translational_research:4.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.10.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_9:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_10:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33037"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "166707"
},
{
"db": "PACKETSTORM",
"id": "165117"
},
{
"db": "PACKETSTORM",
"id": "165112"
},
{
"db": "PACKETSTORM",
"id": "167841"
}
],
"trust": 0.4
},
"cve": "CVE-2021-33037",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-33037",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-393050",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-33037",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-33037",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-681",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-393050",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-33037",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393050"
},
{
"db": "VULMON",
"id": "CVE-2021-33037"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003000"
},
{
"db": "NVD",
"id": "CVE-2021-33037"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-681"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. It exists that Tomcat did not properly validate the input length. An\nattacker could possibly use this to trigger an infinite loop, resulting in a\ndenial of service. (CVE-2020-9494, CVE-2021-25329, CVE-2021-41079). Description:\n\nRed Hat support for Spring Boot provides an application platform that\nreduces the complexity of developing and operating applications (monoliths\nand microservices) for OpenShift as a containerized platform. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Web Server 5.6.0 Security release\nAdvisory ID: RHSA-2021:4861-01\nProduct: Red Hat JBoss Web Server\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:4861\nIssue date: 2021-11-30\nCVE Names: CVE-2021-30640 CVE-2021-33037 CVE-2021-42340\n====================================================================\n1. Summary:\n\nUpdated Red Hat JBoss Web Server 5.6.0 packages are now available for Red\nHat Enterprise Linux 7 and Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this release as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Web Server 5.6 for RHEL 7 Server - noarch, x86_64\nRed Hat JBoss Web Server 5.6 for RHEL 8 - noarch, x86_64\n\n3. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nTomcat Servlet container, JBoss HTTP Connector (mod_cluster), the\nPicketLink Vault extension for Apache Tomcat, and the Tomcat Native\nlibrary. \n\nThis release of Red Hat JBoss Web Server 5.6.0 serves as a replacement for\nRed Hat JBoss Web Server 5.5.0. This release includes bug fixes,\nenhancements and component upgrades, which are documented in the Release\nNotes, linked to in the References. \n\nSecurity Fix(es):\n\n* tomcat: OutOfMemoryError caused by HTTP upgrade connection leak could\nlead to DoS (CVE-2021-42340)\n* tomcat: HTTP request smuggling when used with a reverse proxy\n(CVE-2021-33037)\n* tomcat: JNDI realm authentication weakness (CVE-2021-30640)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat JBoss Web Server 5.6 for RHEL 7 Server:\n\nSource:\njws5-tomcat-9.0.50-3.redhat_00004.1.el7jws.src.rpm\njws5-tomcat-native-1.2.30-3.redhat_3.el7jws.src.rpm\njws5-tomcat-vault-1.1.8-4.Final_redhat_00004.1.el7jws.src.rpm\n\nnoarch:\njws5-tomcat-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm\njws5-tomcat-admin-webapps-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm\njws5-tomcat-docs-webapp-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm\njws5-tomcat-el-3.0-api-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm\njws5-tomcat-java-jdk11-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm\njws5-tomcat-java-jdk8-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm\njws5-tomcat-javadoc-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm\njws5-tomcat-jsp-2.3-api-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm\njws5-tomcat-lib-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm\njws5-tomcat-selinux-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm\njws5-tomcat-servlet-4.0-api-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm\njws5-tomcat-vault-1.1.8-4.Final_redhat_00004.1.el7jws.noarch.rpm\njws5-tomcat-vault-javadoc-1.1.8-4.Final_redhat_00004.1.el7jws.noarch.rpm\njws5-tomcat-webapps-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm\n\nx86_64:\njws5-tomcat-native-1.2.30-3.redhat_3.el7jws.x86_64.rpm\njws5-tomcat-native-debuginfo-1.2.30-3.redhat_3.el7jws.x86_64.rpm\n\nRed Hat JBoss Web Server 5.6 for RHEL 8:\n\nSource:\njws5-tomcat-9.0.50-3.redhat_00004.1.el8jws.src.rpm\njws5-tomcat-native-1.2.30-3.redhat_3.el8jws.src.rpm\njws5-tomcat-vault-1.1.8-4.Final_redhat_00004.1.el8jws.src.rpm\n\nnoarch:\njws5-tomcat-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm\njws5-tomcat-admin-webapps-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm\njws5-tomcat-docs-webapp-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm\njws5-tomcat-el-3.0-api-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm\njws5-tomcat-javadoc-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm\njws5-tomcat-jsp-2.3-api-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm\njws5-tomcat-lib-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm\njws5-tomcat-selinux-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm\njws5-tomcat-servlet-4.0-api-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm\njws5-tomcat-vault-1.1.8-4.Final_redhat_00004.1.el8jws.noarch.rpm\njws5-tomcat-vault-javadoc-1.1.8-4.Final_redhat_00004.1.el8jws.noarch.rpm\njws5-tomcat-webapps-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm\n\nx86_64:\njws5-tomcat-native-1.2.30-3.redhat_3.el8jws.x86_64.rpm\njws5-tomcat-native-debuginfo-1.2.30-3.redhat_3.el8jws.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-30640\nhttps://access.redhat.com/security/cve/CVE-2021-33037\nhttps://access.redhat.com/security/cve/CVE-2021-42340\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYaaMntzjgjWX9erEAQibyg/9E3I1wMpKriqTZKlf1tGcPt4wShPVNKMh\nB4PC8t1vBZJZ2VBMrQJdmYBUKRn3mccCqUxd0ey/UfsacIoKvAACr18iXCxYc4cO\nMeNqy7SWRO+Kwze2fYpBu7w5dR34yhUQAN8DAOui7DduZsS209X7WhShrLSjzF5j\ng+nhRCi4l5QRwcy7NF4TAhmAN7f819BwDHQJI/ttaOHqEwsDnOlPNKbV0X4Hlkf5\n5VRD/8ArImD7tqpSs/9YVh34MJLCVmVkWgHBDY0I06LcRSQJoRBZDEkoPRHQxU26\nhKH5oDaVezm92RFFqfwo2HHY6eGJc/qTTcd/WeW4RDfx49+ARsOt2kvO2XcEo45A\niUue2MayqnfdQHRI7MMNaaWoNudI2MVBcbQYhkTZcgApZEmtCe4taeo0YUvFqUeJ\nN1Awh8QIN5vqA7wKdtrHiQCMx/6/fqi3VtKN3LZEuUiRMM/sueqc1yob6piuU4Vk\nnyHP0ULSyMYnrzoqKN1BwbobRYyXKbVR376qMtxhLMe71PXg26TgDC9seUnooNum\nXgcRIdc7Q2WyGaFLxGE5fS0/7FagX/etRlg9DIHi27NVl0WXgmFVLC2ZumjfSoms\nFgQUTPwa2Bt90Oat2u7vnB5MBvCR0+OAAsM8TK/cn/31F697MMTI6Qloiq2DDOt4\n2c2PkIZ6XrY=6RkQ\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4952-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nAugust 09, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tomcat9\nCVE ID : CVE-2021-30640 CVE-2021-33037\nDebian Bug : 991046\n\nTwo vulnerabilities were discovered in the Tomcat servlet and JSP engine,\nwhich could result in HTTP request smuggling, bypass of logout\nrestrictions or authentications using variations of a valid user name. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 9.0.31-1~deb10u5. \n\nWe recommend that you upgrade your tomcat9 packages. \n\nFor the detailed security status of tomcat9 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/tomcat9\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmERmLEACgkQEMKTtsN8\nTjZeMw/9Em+a8hxIgfV6m8svrekc9scclTwKifFNjMU8JPwRHiK/jP7jpz8mwO4W\nAiEe+TaIiEhlqjg41G2b7P/2cxJlB2Uetf16dvajv9kZA4MjMVDTXiDKvuqo5uVg\nzT7lkwU6jaMDGUd/unZZTwk8jh4imrF11fLCL6bQciwBdDAuiMDiioW526XwK/5u\noUfdu1SJphXNQSkq/d6R7eTOurryFxYrrBswUUsYF5Dk4NhtNuR6pLsRmLVo3sO1\n490C/MxLuL/vDMY/5ycqUcBu9JQ4hOADDUClUFcx4/U9soMCTbxsc4OGVlqJAK4W\n+IeVNO6Y+miHkQCoeqP3deq+ZCwiHaaPR4Y+pZHmGaSvnG7akG8ZJATZWUB/YdU4\nDnNlGxgaIIqxHSZcht9ExSTufwjNiYGCQeuBPVhOsh+DDk4l1m1JJN+5nUwB9/id\nSRV3ZmlRLwJu0YcZPdtogrgmfUgpI3rr+M0t+nERDo3gJ5qQIT2shCNjQaNSEcx8\nko/6aELWC546FlncPCjEpCNDGqsEn7BYOzf18JRqlD1/NPYM+eBa1grXqBdYj9oa\nFyl69bY8YU7V8l/aEDvrPDMDStvIvaK2MFtdPvpUQRvU71iuY37CtM5AaaGyOl95\nzyNSHUvLzXNOpEWUMTgNKTmTmbRTkCSW71GCgRaVuLthzHN2Bic=\n=WmYc\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-34\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Apache Tomcat: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #773571, #801916, #818160, #855971\n ID: 202208-34\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Apache Tomcat, the\nworst of which could result in denial of service. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/tomcat \u003c 8.5.82:8.5 \u003e= 8.5.82:8.5\n \u003c 9.0.65:9 \u003e= 9.0.65:9\n \u003c 10.0.23:10 \u003e= 10.0.23:10\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Apache Tomcat. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Apache Tomcat 10.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-10.0.23:10\"\n\nAll Apache Tomcat 9.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-9.0.65:9\"\n\nAll Apache Tomcat 8.5.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-8.5.82:8.5\"\n\nReferences\n=========\n[ 1 ] CVE-2021-25122\n https://nvd.nist.gov/vuln/detail/CVE-2021-25122\n[ 2 ] CVE-2021-25329\n https://nvd.nist.gov/vuln/detail/CVE-2021-25329\n[ 3 ] CVE-2021-30639\n https://nvd.nist.gov/vuln/detail/CVE-2021-30639\n[ 4 ] CVE-2021-30640\n https://nvd.nist.gov/vuln/detail/CVE-2021-30640\n[ 5 ] CVE-2021-33037\n https://nvd.nist.gov/vuln/detail/CVE-2021-33037\n[ 6 ] CVE-2021-42340\n https://nvd.nist.gov/vuln/detail/CVE-2021-42340\n[ 7 ] CVE-2022-34305\n https://nvd.nist.gov/vuln/detail/CVE-2022-34305\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-34\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. The purpose of this text-only errata is to inform you about the\nsecurity issues fixed in this release. \n\nInstallation instructions are available from the Fuse 7.11.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/\n\n4",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33037"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003000"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-393050"
},
{
"db": "VULMON",
"id": "CVE-2021-33037"
},
{
"db": "PACKETSTORM",
"id": "166707"
},
{
"db": "PACKETSTORM",
"id": "165117"
},
{
"db": "PACKETSTORM",
"id": "165112"
},
{
"db": "PACKETSTORM",
"id": "169105"
},
{
"db": "PACKETSTORM",
"id": "168127"
},
{
"db": "PACKETSTORM",
"id": "167841"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33037",
"trust": 4.0
},
{
"db": "MCAFEE",
"id": "SB10366",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "168127",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "165112",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU91880022",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003000",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166707",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072907",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012750",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021081231",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021113014",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101943",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021090824",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022011911",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012307",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042210",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021092919",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022040522",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021080808",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2676",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4028",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2664",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3924",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3688",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2359",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3531",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2647",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1404",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202107-681",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "165117",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-99316",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-393050",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-33037",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169105",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167841",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393050"
},
{
"db": "VULMON",
"id": "CVE-2021-33037"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003000"
},
{
"db": "PACKETSTORM",
"id": "166707"
},
{
"db": "PACKETSTORM",
"id": "165117"
},
{
"db": "PACKETSTORM",
"id": "165112"
},
{
"db": "PACKETSTORM",
"id": "169105"
},
{
"db": "PACKETSTORM",
"id": "168127"
},
{
"db": "PACKETSTORM",
"id": "167841"
},
{
"db": "NVD",
"id": "CVE-2021-33037"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-681"
}
]
},
"id": "VAR-202107-1593",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-393050"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:06:11.050000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hitachi-sec-2021-140",
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r612a79269b0d5e5780c62dfd34286a8037232fec0bc6f1a7e60c9381%40%3cannounce.tomcat.apache.org%3e"
},
{
"title": "Apache Tomcat Remediation measures for environmental problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=178517"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1535",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2021-1535"
},
{
"title": "Debian Security Advisories: DSA-4952-1 tomcat9 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=34a8611657c60f45f0bee7f033163917"
},
{
"title": "Debian CVElist Bug Report Logs: tomcat9: CVE-2021-33037 CVE-2021-30640 CVE-2021-30639",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=c76b2125cc2898e046bae42a78fc87ed"
},
{
"title": "Red Hat: Important: Red Hat support for Spring Boot 2.5.10 update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221179 - security advisory"
},
{
"title": "Red Hat: CVE-2021-33037",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2021-33037"
},
{
"title": "Ubuntu Security Notice: USN-5360-1: Tomcat vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-5360-1"
},
{
"title": "Hitachi Security Advisories: Vulnerability in Cosminexus",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-140"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.11.0 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20225532 - security advisory"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-134"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2021-33037 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-33037"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003000"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-681"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-444",
"trust": 1.1
},
{
"problemtype": "HTTP Request Smuggling (CWE-444) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393050"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003000"
},
{
"db": "NVD",
"id": "CVE-2021-33037"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 2.4,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-34"
},
{
"trust": 1.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33037"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20210827-0007/"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2021/dsa-4952"
},
{
"trust": 1.8,
"url": "https://lists.apache.org/thread.html/r612a79269b0d5e5780c62dfd34286a8037232fec0bc6f1a7e60c9381%40%3cannounce.tomcat.apache.org%3e"
},
{
"trust": 1.8,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html"
},
{
"trust": 1.7,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10366"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2021-33037"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r290aee55b72811fd19e75ac80f6143716c079170c5671b96932ed44b%40%3ccommits.tomee.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r40f921575aee8d7d34e53182f862c45cbb8f3d898c9d4e865c2ec262%40%3ccommits.tomee.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc6ef52453bb996a98cb45442871a1db56b7c349939e45d829bf9ae37%40%3ccommits.tomee.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd0dfea39829bc0606c936a16f6fca338127c86c0a1083970b45ac8d2%40%3ccommits.tomee.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re01e7e93154e8bdf78a11a23f9686427bd3d51fc6e12c508645567b7%40%3ccommits.tomee.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf1b54fd3f52f998ca4829159a88cc4c23d6cef5c6447d00948e75c97%40%3ccommits.tomee.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/re01e7e93154e8bdf78a11a23f9686427bd3d51fc6e12c508645567b7@%3ccommits.tomee.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r40f921575aee8d7d34e53182f862c45cbb8f3d898c9d4e865c2ec262@%3ccommits.tomee.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rd0dfea39829bc0606c936a16f6fca338127c86c0a1083970b45ac8d2@%3ccommits.tomee.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r290aee55b72811fd19e75ac80f6143716c079170c5671b96932ed44b@%3ccommits.tomee.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rf1b54fd3f52f998ca4829159a88cc4c23d6cef5c6447d00948e75c97@%3ccommits.tomee.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rc6ef52453bb996a98cb45442871a1db56b7c349939e45d829bf9ae37@%3ccommits.tomee.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91880022/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021113014"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3924"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2359"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165112/red-hat-security-advisory-2021-4863-06.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022040522"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021080808"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4028"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb20220422102"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021090824"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2664"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6493299"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6497115"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3531"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012750"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1404"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166707/red-hat-security-advisory-2022-1179-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2647"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apache-tomcat-hiding-via-request-encoding-35862"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101943"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2676"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3688"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011911"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012307"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168127/gentoo-linux-security-advisory-202208-34.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6485649"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021092919"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072907"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021081231"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30640"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-30640"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42340"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-42340"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3859"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3642"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3629"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-41079"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25122"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10366"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/444.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2021-33037"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2021-1535.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5360-1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_support_for_spring_boot/2.5/html/release_notes_for_spring_boot_2.5/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3859"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3597"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20289"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3597"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product\\xcatrhoar.spring.boot\u0026version=2.5.10"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3642"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1179"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41079"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4861"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4863"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/tomcat9"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-34305"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25329"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30639"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29582"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-40690"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0084"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25122"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22060"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22573"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-2471"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26336"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22119"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-24122"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22569"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22970"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.11.0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7020"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22119"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23913"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-35517"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-35516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21724"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22950"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22932"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30126"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22978"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25329"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4178"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22971"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22096"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3807"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-38153"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15250"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23181"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36518"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15250"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22096"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22573"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7020"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22968"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1319"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25689"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22569"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23596"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25689"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-24122"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36090"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23221"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22060"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9484"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43859"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26520"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-2471"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-42550"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9484"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41766"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29505"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29582"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1259"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-35515"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5532"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3644"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393050"
},
{
"db": "VULMON",
"id": "CVE-2021-33037"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003000"
},
{
"db": "PACKETSTORM",
"id": "166707"
},
{
"db": "PACKETSTORM",
"id": "165117"
},
{
"db": "PACKETSTORM",
"id": "165112"
},
{
"db": "PACKETSTORM",
"id": "169105"
},
{
"db": "PACKETSTORM",
"id": "168127"
},
{
"db": "PACKETSTORM",
"id": "167841"
},
{
"db": "NVD",
"id": "CVE-2021-33037"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-681"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-393050"
},
{
"db": "VULMON",
"id": "CVE-2021-33037"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003000"
},
{
"db": "PACKETSTORM",
"id": "166707"
},
{
"db": "PACKETSTORM",
"id": "165117"
},
{
"db": "PACKETSTORM",
"id": "165112"
},
{
"db": "PACKETSTORM",
"id": "169105"
},
{
"db": "PACKETSTORM",
"id": "168127"
},
{
"db": "PACKETSTORM",
"id": "167841"
},
{
"db": "NVD",
"id": "CVE-2021-33037"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-681"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-12T00:00:00",
"db": "VULHUB",
"id": "VHN-393050"
},
{
"date": "2021-07-12T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33037"
},
{
"date": "2021-10-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003000"
},
{
"date": "2022-04-13T15:02:31",
"db": "PACKETSTORM",
"id": "166707"
},
{
"date": "2021-12-01T16:38:47",
"db": "PACKETSTORM",
"id": "165117"
},
{
"date": "2021-12-01T16:37:47",
"db": "PACKETSTORM",
"id": "165112"
},
{
"date": "2021-08-28T19:12:00",
"db": "PACKETSTORM",
"id": "169105"
},
{
"date": "2022-08-22T16:02:30",
"db": "PACKETSTORM",
"id": "168127"
},
{
"date": "2022-07-27T17:27:19",
"db": "PACKETSTORM",
"id": "167841"
},
{
"date": "2021-07-12T15:15:08.400000",
"db": "NVD",
"id": "CVE-2021-33037"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-07-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-681"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-27T00:00:00",
"db": "VULHUB",
"id": "VHN-393050"
},
{
"date": "2022-10-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33037"
},
{
"date": "2022-12-13T07:04:00",
"db": "JVNDB",
"id": "JVNDB-2021-003000"
},
{
"date": "2023-11-07T03:35:46.960000",
"db": "NVD",
"id": "CVE-2021-33037"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-08-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-681"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-681"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache\u00a0Tomcat\u00a0 In \u00a0HTTP\u00a0 Request Smuggling Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003000"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
Loading...